General
-
Target
cc73927b9372a0a40fb462cc667f745c_JaffaCakes118
-
Size
1.2MB
-
Sample
240831-jxpg6atcmq
-
MD5
cc73927b9372a0a40fb462cc667f745c
-
SHA1
88cd72442546b015abc46037a596cf90641dae34
-
SHA256
d10a60c9c3a85ddbb70c6828bf9a8f2708e3c53036d8a084537a246466c1ce68
-
SHA512
e7b70725a80f4d6e67b10866791b3d8fa65360c62cabd690d2874f795fbbecceed2126e408a77f371e3017eb775d5240b673525635828820a7cfb8bd43910c89
-
SSDEEP
24576:/64MVThRn8gVC/zRK1fHa6/0xXeCxg0FBjf6K80sr:/64MTcgVCb4566/0OSg0FBjI0
Static task
static1
Behavioral task
behavioral1
Sample
cc73927b9372a0a40fb462cc667f745c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cc73927b9372a0a40fb462cc667f745c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
cc73927b9372a0a40fb462cc667f745c_JaffaCakes118
-
Ardamax main executable
Identified as the main executable of the Ardamax keylogger family.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
Indicator Removal: File Deletion (MITRE ATT&CK T1070.004)
Adversaries may delete files left behind by their intrusion activity.
-
Drops file in System32 directory
-
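The behavioural signatures above are each a rule over the process trace the sandbox recorded. The following is an added example, written here and not taken from the report or from the Triage sandbox, that re-implements those rules as checks over a constructed Sysmon-style trace. The registry paths are the usual Windows locations for the user's geographic region (HKCU\Control Panel\International\Geo), the installed-software list (...\CurrentVersion\Uninstall) and per-user autostart (...\CurrentVersion\Run); the file names, process names and user name in the trace are invented for the example. The "Ardamax main executable" signature is a family identification rather than a behaviour and is not reproduced here.

```python
"""Behavioural signature checks over a sandbox process trace.

Added example for this report, not Triage code. The TRACE below is
constructed: paths, file names and the 'victim' user are invented.
"""
from __future__ import annotations

from collections import defaultdict

# Constructed Sysmon-style trace, oldest event first: (event, image, target).
# Every event belongs to the detonated sample's process tree, as in a sandbox run.
TRACE = [
    ("RegistryQuery", "sample.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegistryEnum", "sample.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("FileCreate", "sample.exe", r"C:\Windows\System32\drvhost\drvhost.exe"),
    ("FileCreate", "sample.exe", r"C:\Windows\System32\drvhost\hook.dll"),
    ("ProcessCreate", "sample.exe", r"C:\Windows\System32\drvhost\drvhost.exe"),
    ("ImageLoad", "drvhost.exe", r"C:\Windows\System32\drvhost\hook.dll"),
    ("ImageLoad", "drvhost.exe", r"C:\Windows\System32\kernel32.dll"),
    ("RegistrySet", "drvhost.exe", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvhost"),
    ("FileDelete", "drvhost.exe", r"C:\Users\victim\Downloads\sample.exe"),
]

SYSTEM32 = "c:\\windows\\system32\\"        # drop location the report flags
RUN_KEY = "\\currentversion\\run\\"          # per-user / per-machine autostart
GEO_KEY = "\\control panel\\international\\geo"   # assumed location of the Nation value
UNINSTALL_KEY = "\\currentversion\\uninstall"     # installed-software enumeration


def evaluate(trace):
    """Return {signature_name: [evidence, ...]} for every signature that fires.

    The drop-tracking rules are stateful on purpose: 'Executes dropped EXE' and
    'Loads dropped DLL' only fire for files that an earlier event in the same
    trace shows the sample writing, so a pre-existing binary does not count.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by the sample during this run
    for event, image, target in trace:
        t = target.lower()
        if event == "FileCreate":
            dropped.add(t)
            if t.startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(target)
        elif event == "ProcessCreate" and t in dropped:
            hits["Executes dropped EXE"].append(target)
        elif event == "ImageLoad" and t in dropped and t.endswith(".dll"):
            hits["Loads dropped DLL"].append(target)
        elif event == "RegistrySet" and RUN_KEY in t:
            hits["Adds Run key to start application"].append(target)
        elif event in ("RegistryQuery", "RegistryEnum"):
            if GEO_KEY in t:
                hits["Checks computer location settings"].append(target)
            if UNINSTALL_KEY in t:
                hits["Checks installed software on the system"].append(target)
        elif event == "FileDelete":
            hits["Indicator Removal: File Deletion"].append(target)
    return dict(hits)


def summarize(trace):
    """Sorted list of signature names that fired, for a quick triage verdict."""
    return sorted(evaluate(trace))


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}:")
        for item in evidence:
            print(f"    {item}")
```

Running the block against the constructed trace fires every behavioural signature listed in the report. The ordering check matters in practice: a trace where the ProcessCreate precedes the FileCreate of the same path describes execution of something that was already on disk, and the rule correctly stays silent.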