General
-
Target
19c0b5f6787a938879203d70c49b7f74_JaffaCakes118
-
Size
755KB
-
Sample
241006-z1tt2szgmd
-
MD5
19c0b5f6787a938879203d70c49b7f74
-
SHA1
e1f9b9c243762834a9bc6e537567a81dcd9747c4
-
SHA256
c9e8205e469397f3e05a71c53f1380fa48daa191094e9683a527c80c080c20dd
-
SHA512
2494264725b776da10e55925f8f663ac1e5dc1fa51ddc178f000361bdd5845bc57a3b8913a5b0685139abcf30aa9a6558795f8a30a274a855986dd32a7f6a8f4
-
SSDEEP
12288:XzbQJ7zvsG48uhmnz0zPrLd0bb3vLHN2iq+v3n9fwOxT9WSU0:Dbcjo8YmnUPqjHN2iRhTWV0
Malware Config
Targets
-
-
Target
19c0b5f6787a938879203d70c49b7f74_JaffaCakes118
-
Size
755KB
-
MD5
19c0b5f6787a938879203d70c49b7f74
-
SHA1
e1f9b9c243762834a9bc6e537567a81dcd9747c4
-
SHA256
c9e8205e469397f3e05a71c53f1380fa48daa191094e9683a527c80c080c20dd
-
SHA512
2494264725b776da10e55925f8f663ac1e5dc1fa51ddc178f000361bdd5845bc57a3b8913a5b0685139abcf30aa9a6558795f8a30a274a855986dd32a7f6a8f4
-
SSDEEP
12288:XzbQJ7zvsG48uhmnz0zPrLd0bb3vLHN2iq+v3n9fwOxT9WSU0:Dbcjo8YmnUPqjHN2iRhTWV0
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-