General
-
Target
115f4dc817ab9fdcc989086fdcc50141_JaffaCakes118
-
Size
1.2MB
-
Sample
241004-ce9xtayckk
-
MD5
115f4dc817ab9fdcc989086fdcc50141
-
SHA1
3d573e72e8392d310e958da7da25f24c1add5be3
-
SHA256
63a9efa525f166b49dfbc866c837e07a8aaed6e7d7e42fc61afb8966147266cf
-
SHA512
165b4590bbc2a6302410a812e5749acb05eabcdc9872956997abaa5ea2f10c28b75f8872bb71be0b8b622be61a8e21ec6b9a4d0ee441afbfbbfcce596ae5f0a9
-
SSDEEP
24576:NzwTT6EgYrrftbhOkOcD4TgmhWgPur0bOIWBkb4u6U0BltK/e:Nz+Td3tfO7DYCSkkK0Blt0
Malware Config
Targets
-
-
Target
115f4dc817ab9fdcc989086fdcc50141_JaffaCakes118
-
Size
1.2MB
-
MD5
115f4dc817ab9fdcc989086fdcc50141
-
SHA1
3d573e72e8392d310e958da7da25f24c1add5be3
-
SHA256
63a9efa525f166b49dfbc866c837e07a8aaed6e7d7e42fc61afb8966147266cf
-
SHA512
165b4590bbc2a6302410a812e5749acb05eabcdc9872956997abaa5ea2f10c28b75f8872bb71be0b8b622be61a8e21ec6b9a4d0ee441afbfbbfcce596ae5f0a9
-
SSDEEP
24576:NzwTT6EgYrrftbhOkOcD4TgmhWgPur0bOIWBkb4u6U0BltK/e:Nz+Td3tfO7DYCSkkK0Blt0
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-