General
-
Target
da85efdf57d7378e713763829277d957_JaffaCakes118
-
Size
1.2MB
-
Sample
240911-rkefesvfpc
-
MD5
da85efdf57d7378e713763829277d957
-
SHA1
50d026daf33de52e3c14f2c468dd5e16029ace63
-
SHA256
59596561f643cc6cfb916122d8c7d9e21a311e90ffbc68d9bf907f939183a14c
-
SHA512
650fdd5895f075ee6fefaf4710a53794e3cadd8826db64821096400fb6f72368ac28de7451f83c4cd06d8add2d2d9bb7c6b9bb2f5442d2cda14bafea8a1c29fc
-
SSDEEP
24576:664MVTVUeVu5TrVhBZR5m0+fPM0fDaFMGPmdJPGbz9+kwJCY:664MTyeVsVhBZXy3lQ3iU9+/JC
Malware Config
Targets
-
-
Target
da85efdf57d7378e713763829277d957_JaffaCakes118
-
Size
1.2MB
-
MD5
da85efdf57d7378e713763829277d957
-
SHA1
50d026daf33de52e3c14f2c468dd5e16029ace63
-
SHA256
59596561f643cc6cfb916122d8c7d9e21a311e90ffbc68d9bf907f939183a14c
-
SHA512
650fdd5895f075ee6fefaf4710a53794e3cadd8826db64821096400fb6f72368ac28de7451f83c4cd06d8add2d2d9bb7c6b9bb2f5442d2cda14bafea8a1c29fc
-
SSDEEP
24576:664MVTVUeVu5TrVhBZR5m0+fPM0fDaFMGPmdJPGbz9+kwJCY:664MTyeVsVhBZXy3lQ3iU9+/JC
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-