General
-
Target
efe39e17e3e4b1693ed221b1e4676e0c_JaffaCakes118
-
Size
575KB
-
Sample
240921-qnq3ysvbnp
-
MD5
efe39e17e3e4b1693ed221b1e4676e0c
-
SHA1
2a3d36c068f8e709d5743354f70b62258930dc56
-
SHA256
e7af06947d8f70d224d25fd6daef136d88a6a9b260b9d14f0db2a8c49f1a3c25
-
SHA512
eeb13645b5ccee763fb48bb3ef1ed850d9969bfc4edd5f4da47c55ef4896f7f760b4c7c85a5ca0a6e9402e538f5b0bba06f088db200f883be49e6615ad55205a
-
SSDEEP
12288:cPA3kXMoNeDWNdBvv7s/MdyywvzA7jzhwtL/WgYbqbyb7s29:qAoMop1n7s/MvAA7jlwtL/WVmyb7f
Static task
static1
Behavioral task
behavioral1
Sample
efe39e17e3e4b1693ed221b1e4676e0c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
efe39e17e3e4b1693ed221b1e4676e0c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-