General
-
Target
db1a298ab8ae7982dab4e0e9f26daf79_JaffaCakes118
-
Size
1.2MB
-
Sample
240911-yhe3hazakn
-
MD5
db1a298ab8ae7982dab4e0e9f26daf79
-
SHA1
75fc5fb0566827a7a8a57df4c9e300423c076a5e
-
SHA256
43d29440c02f61ea06e3bd8c9699720b2c985cad648a3b7b4ec07f053d4babc5
-
SHA512
81baec8f4b11a2053da21abde79214bbcd7b18b9cf4dc49b8723c9386d4bd31da8ce914c79e1a72a15a7197be0ac248ad6fe604996a585ffbf3ae12234cd1c82
-
SSDEEP
24576:k64MVT6FsCgx2URTGKq3HFA9ow9KjY1vCchYiSCBWOBgB79OibMb8jYwP8YC:k64MT6FsC5URTGvHFK9Kk1vCc+iSCBWp
Static task
static1
Behavioral task
behavioral1
Sample
db1a298ab8ae7982dab4e0e9f26daf79_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
db1a298ab8ae7982dab4e0e9f26daf79_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
db1a298ab8ae7982dab4e0e9f26daf79_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-