General
-
Target
dafbe70a0e0c355d3b38a06671d0f3fa_JaffaCakes118
-
Size
565KB
-
Sample
240911-w9qxzawgmh
-
MD5
dafbe70a0e0c355d3b38a06671d0f3fa
-
SHA1
0c90933be0af2e852c7cfa247bef6c5f31a64df8
-
SHA256
ef1dac65d328cc6074e8d639970c19e516078ae63a379f1e5496cf9ce403c92f
-
SHA512
20878cb551a3d000c2a7acff7c3d299a876d3a71e9f85651672a3fb00f71e5c3fcaff661fc78f0c5fb76af307a26f446ab6a7962bb6b49f037b2a6a901df3a45
-
SSDEEP
12288:nEeFO2rpBZZUJojSR55ogstIvS5Q0L0pTPUGcH7JA1EhbYkYmpUDgoSMIi0CP:To21BPUh5mI/04p7BcbJA1EBs5Ii5P
Malware Config
Targets
-
-
Target
dafbe70a0e0c355d3b38a06671d0f3fa_JaffaCakes118
-
Size
565KB
-
MD5
dafbe70a0e0c355d3b38a06671d0f3fa
-
SHA1
0c90933be0af2e852c7cfa247bef6c5f31a64df8
-
SHA256
ef1dac65d328cc6074e8d639970c19e516078ae63a379f1e5496cf9ce403c92f
-
SHA512
20878cb551a3d000c2a7acff7c3d299a876d3a71e9f85651672a3fb00f71e5c3fcaff661fc78f0c5fb76af307a26f446ab6a7962bb6b49f037b2a6a901df3a45
-
SSDEEP
12288:nEeFO2rpBZZUJojSR55ogstIvS5Q0L0pTPUGcH7JA1EhbYkYmpUDgoSMIi0CP:To21BPUh5mI/04p7BcbJA1EBs5Ii5P
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-