General
Target: ea9f5829604030bbf0d0ccb54a2eecf1_JaffaCakes118
Size: 1.2MB
Sample: 240919-fjcpna1hpc
MD5: ea9f5829604030bbf0d0ccb54a2eecf1
SHA1: e9d2c9202f0f15715f1dac111edf00af03927880
SHA256: 0ed4fda2e12066b39c9ae710af46ab400532b6d54dfc231895723ce62b058064
SHA512: dd9100b2a67a8a808847add329331638da704b72f83cd9daea3f5858c0017124520a4257783fb59b20cd4b99d2faa51f15b80f2bb2c631edfebf1054dd250612
SSDEEP: 24576:s64MVT0DPKNj/RBknP5KCXNtAkWRVL/oieCtivSI2ojW24+HcgEdtoIQ5TV5nr:s64MT0DPWjcl7FkVL/SCtivwN2r8gEd0
Static task
static1
Behavioral task
behavioral1
Sample
ea9f5829604030bbf0d0ccb54a2eecf1_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea9f5829604030bbf0d0ccb54a2eecf1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
ea9f5829604030bbf0d0ccb54a2eecf1_JaffaCakes118
Score: 10/10
- Ardamax main executable
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory