General
-
Target
0b88655230e2c1db6842c1779371c724_JaffaCakes118
-
Size
1.1MB
-
Sample
241002-tr1cksyhpa
-
MD5
0b88655230e2c1db6842c1779371c724
-
SHA1
8a50403c1bb5ff4550c8cdc376fd4d4099e7cbff
-
SHA256
f6efc801908ea7848d6af60581a992c74a35fbf703ed964366a9faf5102fed18
-
SHA512
af293cd9b76bdf69b48c59ff6b9e2f050359ee100c7248304a85f96358112c3a1110083995f6828c689a90c1d91ecae902d90d04dde1b92743dc80fc6fb8a69d
-
SSDEEP
24576:7ZxTSTV5nXuv6De1MbYDQX1N6Dvm8g5hFsLYjstbSFYXd7W/OxwOIkeg:7XT0Xuv6sMkDGPsqjsFSFQyOaOfe
Malware Config
Targets
-
-
Target
0b88655230e2c1db6842c1779371c724_JaffaCakes118
-
Size
1.1MB
-
MD5
0b88655230e2c1db6842c1779371c724
-
SHA1
8a50403c1bb5ff4550c8cdc376fd4d4099e7cbff
-
SHA256
f6efc801908ea7848d6af60581a992c74a35fbf703ed964366a9faf5102fed18
-
SHA512
af293cd9b76bdf69b48c59ff6b9e2f050359ee100c7248304a85f96358112c3a1110083995f6828c689a90c1d91ecae902d90d04dde1b92743dc80fc6fb8a69d
-
SSDEEP
24576:7ZxTSTV5nXuv6De1MbYDQX1N6Dvm8g5hFsLYjstbSFYXd7W/OxwOIkeg:7XT0Xuv6sMkDGPsqjsFSFQyOaOfe
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-