General
-
Target
e5dce4d6507ff81239dc7e0b56b56bb2_JaffaCakes118
-
Size
404KB
-
Sample
240917-bl6y3ayerd
-
MD5
e5dce4d6507ff81239dc7e0b56b56bb2
-
SHA1
d61c564e95a73fe9c0414d0f62e159cf49e31cfb
-
SHA256
11f770dbf8960f96c98864688e09c91cdd0ca31ae9baa97357f3760ff50dc06e
-
SHA512
2316fd23e4e4e230abb725cb3133a45df713e617eec02a590dbf7c44aa6daf433565620084fa506b68d3d0135c0c72a169b234ddd682d0c6ffe4acdbaf4c4b59
-
SSDEEP
6144:xG6lLaGn5nf1lZsUCiif4nL/E7WhSRcN472t0OAm/BoYb9LU4OmDJTGDvjTQ:xTa6Bf1li9d+L+4tGewOhb9JOmDJajTQ
Malware Config
Targets
-
-
Target
e5dce4d6507ff81239dc7e0b56b56bb2_JaffaCakes118
-
Size
404KB
-
MD5
e5dce4d6507ff81239dc7e0b56b56bb2
-
SHA1
d61c564e95a73fe9c0414d0f62e159cf49e31cfb
-
SHA256
11f770dbf8960f96c98864688e09c91cdd0ca31ae9baa97357f3760ff50dc06e
-
SHA512
2316fd23e4e4e230abb725cb3133a45df713e617eec02a590dbf7c44aa6daf433565620084fa506b68d3d0135c0c72a169b234ddd682d0c6ffe4acdbaf4c4b59
-
SSDEEP
6144:xG6lLaGn5nf1lZsUCiif4nL/E7WhSRcN472t0OAm/BoYb9LU4OmDJTGDvjTQ:xTa6Bf1li9d+L+4tGewOhb9JOmDJajTQ
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-