General
-
Target
ea353e47230df46c4f6ba7379e13755a_JaffaCakes118
-
Size
1.2MB
-
Sample
240918-3yffeszdme
-
MD5
ea353e47230df46c4f6ba7379e13755a
-
SHA1
f080ce3c212e34aa68468503fa73f73299a53a21
-
SHA256
e769857056856bfb77a29709cf216b5c2eaf4c6870b50b7645230fe6defe4e28
-
SHA512
1b3d3ffe828cf7b74d7bd55045408ea572a646f1525603eee02a0481bb2eb603b187dc319a8fa0346c52ee1fe4f111a41acbb8c5c71cb43759c96a5cc664eb43
-
SSDEEP
24576:/0NzTljXtItWGU4+rgcSSs7Dng03ushoq1oXqCtYBU55WVYFU0jMIlkn/rO9o3vc:/0pTvwWGURnTsDng0+stCaBIvJMjzOwm
Malware Config
Targets
-
-
Target
ea353e47230df46c4f6ba7379e13755a_JaffaCakes118
-
Size
1.2MB
-
MD5
ea353e47230df46c4f6ba7379e13755a
-
SHA1
f080ce3c212e34aa68468503fa73f73299a53a21
-
SHA256
e769857056856bfb77a29709cf216b5c2eaf4c6870b50b7645230fe6defe4e28
-
SHA512
1b3d3ffe828cf7b74d7bd55045408ea572a646f1525603eee02a0481bb2eb603b187dc319a8fa0346c52ee1fe4f111a41acbb8c5c71cb43759c96a5cc664eb43
-
SSDEEP
24576:/0NzTljXtItWGU4+rgcSSs7Dng03ushoq1oXqCtYBU55WVYFU0jMIlkn/rO9o3vc:/0pTvwWGURnTsDng0+stCaBIvJMjzOwm
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-