General
- Target: e2ebdccb8a3e4244261ca5ebb3d0f8a6_JaffaCakes118
- Size: 813KB
- Sample: 240915-t33bbasgjb
- MD5: e2ebdccb8a3e4244261ca5ebb3d0f8a6
- SHA1: c70105a7b64287c4e53548b54be6fe9f242f95f0
- SHA256: 2fc377e680565a454d7dc0e04c042dccc2a6306f4368d93de59d69821842457d
- SHA512: 208aa92a162e231b59730d1c4636ea2826920c5ecf94cc062640c1bfe792e6db5091653add3628c0d624185fa0e4a2384825dd1422aa4406ade0ed13cca148cd
- SSDEEP: 12288:+ctGE+lDwn8cUwp9MCEAjW7cp8V+6RG7io6ezCjnG3yWoI1UWQB:0EwDPcLjDEAjGU8V+x7QeezlhB

Static task: static1

Behavioral task: behavioral1
- Sample: e2ebdccb8a3e4244261ca5ebb3d0f8a6_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: e2ebdccb8a3e4244261ca5ebb3d0f8a6_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config

Targets
- Target: e2ebdccb8a3e4244261ca5ebb3d0f8a6_JaffaCakes118
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory