General
-
Target
dd94a1dd7c7a142df7162e305e8d327b_JaffaCakes118
-
Size
1.1MB
-
Sample
240913-d22emasdpe
-
MD5
dd94a1dd7c7a142df7162e305e8d327b
-
SHA1
ecea96b506e5203d9fd1be92e48bebde03375749
-
SHA256
0099a06647ac792007fcf611ff216a84bf34e4a921dea9bbf312e5f1bfaaaed4
-
SHA512
21ac123da9a3f45182a2328cc472b82950a7853ed9eea2d3519110bf25e3abc307def8b402ec9c6d1199569db64e96b19d38ec47125c4017108a803404178185
-
SSDEEP
24576:UHvZTwPaKN+Fo3YOJ+4bwxuZaaqDpi882k1jOdh7KXZwx8kmu:cBT+aTF4Lskd4pR88vN8
Malware Config
Targets
-
-
Target
dd94a1dd7c7a142df7162e305e8d327b_JaffaCakes118
-
Size
1.1MB
-
MD5
dd94a1dd7c7a142df7162e305e8d327b
-
SHA1
ecea96b506e5203d9fd1be92e48bebde03375749
-
SHA256
0099a06647ac792007fcf611ff216a84bf34e4a921dea9bbf312e5f1bfaaaed4
-
SHA512
21ac123da9a3f45182a2328cc472b82950a7853ed9eea2d3519110bf25e3abc307def8b402ec9c6d1199569db64e96b19d38ec47125c4017108a803404178185
-
SSDEEP
24576:UHvZTwPaKN+Fo3YOJ+4bwxuZaaqDpi882k1jOdh7KXZwx8kmu:cBT+aTF4Lskd4pR88vN8
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-