General
-
Target
1b86fc360babff48dd67e19f6b69803f_JaffaCakes118
-
Size
2.2MB
-
Sample
241007-fabe8szfrf
-
MD5
1b86fc360babff48dd67e19f6b69803f
-
SHA1
be996e5618c3d6a0efeedf391bea672ccf5a0058
-
SHA256
71965284079b0a4a097d904186419979e140887f4b1582a0631fab635d688b64
-
SHA512
1b0e15e90d029613dbccd057b9b75b8fa03227fb7a89fc889f94d46516702939880c355d54e7e4e6974a8921fbd684b97f7aeaf6d8cc6549d0c67a38ebcca689
-
SSDEEP
49152:cFXTXA/0pYjmvpXCorG55o6bDU0mIXTXA/0pYjmvpXCorG55o6bDU0mj:z/0pOmvR+Z/U1b/0pOmvR+Z/U1j
Malware Config
Targets
-
-
Target
1b86fc360babff48dd67e19f6b69803f_JaffaCakes118
-
Size
2.2MB
-
MD5
1b86fc360babff48dd67e19f6b69803f
-
SHA1
be996e5618c3d6a0efeedf391bea672ccf5a0058
-
SHA256
71965284079b0a4a097d904186419979e140887f4b1582a0631fab635d688b64
-
SHA512
1b0e15e90d029613dbccd057b9b75b8fa03227fb7a89fc889f94d46516702939880c355d54e7e4e6974a8921fbd684b97f7aeaf6d8cc6549d0c67a38ebcca689
-
SSDEEP
49152:cFXTXA/0pYjmvpXCorG55o6bDU0mIXTXA/0pYjmvpXCorG55o6bDU0mj:z/0pOmvR+Z/U1b/0pOmvR+Z/U1j
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-