General

Target: 1313d103a998558d0486af0d19c9b9b4_JaffaCakes118
Size: 3.6MB
Sample: 241004-m5nglszfrm
MD5: 1313d103a998558d0486af0d19c9b9b4
SHA1: 94d9b7a4814b7c7e796b6f45f44d41c4e3ea4fff
SHA256: a7ab128bb5a87746b9d62bc972c3a7a80a480958296f961334a56bfd365ff022
SHA512: 56803e0998c98f9137266633718e1274628bf5d13283b31110eac37bd940abf59c835d9765f217de109058a99979461f04afc3a6b96b852ccfabcc9848ee76f5
SSDEEP: 98304:eN/Oeo7aNG0qmR4VXdikR4Upm7u4NBMQiiW:e5vNG0qwgXdiu4Uz0MD
Static task: static1

Behavioral task: behavioral1
Sample: installation.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: installation.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral3
Sample: update.exe
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: update.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: installation.exe
Size: 3.6MB
MD5: a1ac30d527ca424d85d24ff7438bdd86
SHA1: eda30795603064026eaf0c66ca07c57f11175f95
SHA256: db04a74f37a30b4ec12c44de76ef66c757172d2295a1137ebc322bd5149edb23
SHA512: f9434464e23f6a8d28f952b62ec8022779700f137b5ba8d316c620deb26e9dfca012fcc79e926e5cfddb23080be4531c9a59abe687258e9e673f4afe07450570
SSDEEP: 98304:i0Npnl8aYKP2iajaXMiIWiUMkoktBg6woiP:i6DYKP2vuXMiLiUTI6I
Score: 10/10

Signatures:
- Ardamax main executable
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
Target: update.exe
Size: 14KB
MD5: 60e4e4039811e409615b87a2fca5a2bb
SHA1: 7904a3539760dc96e5c352a25d03eb55ef453dbd
SHA256: 703c43e64c21af80f09f827e4e0fb2c7a322ce94eb5335ffa8debc903813bc99
SHA512: 57e36c657b6377c63b936ee1e275c5c1b0b85b7cb5f97d22993f381327a7ed0502205645162b923e459e1f0531a6f5a7adfc6c1e60119b9cd9bda8ff1985960b
SSDEEP: 192:nbWDPX6I5ANGCO4+QC+XwfhHM9NKG1t1uFqZ3c/u7RHDPLXTfbnPLvrS3mfjb2WS:65ANrC7p5Wwuvy/XtzKoQQuAEGx2Y
Score: 6/10

Signatures:
- Adds Run key to start application