General
-
Target
d3befbf53dd7ed84b5540d223e86884d_JaffaCakes118
-
Size
597KB
-
Sample
240908-g7x6ya1fkm
-
MD5
d3befbf53dd7ed84b5540d223e86884d
-
SHA1
cab90d480c0ff4705400e660cf0d6513252a477d
-
SHA256
ace69a47deb73ba1524da0bb81aba94c6f426a72639cc09eef529989a0c30eac
-
SHA512
39b0b744a7a92b14177c6d981202e1749976e1ca95d4e1176fae8e9df789cf58adbb5f436e7679c3cce167f25991fb518b7b557785822243308779a96f080c42
-
SSDEEP
12288:wbzUzGD2qYtRIvzf0jbch/Cz3s7kKH/HgJUN3ApupVnG1DJy:wbzUzRqiIvzf0vyKA7kRJonnG1Jy
Static task
static1
Behavioral task
behavioral1
Sample
d3befbf53dd7ed84b5540d223e86884d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d3befbf53dd7ed84b5540d223e86884d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
d3befbf53dd7ed84b5540d223e86884d_JaffaCakes118
-
Size
597KB
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-