General
-
Target
1ba9103a1fcffda3bbc87e929a58cb26_JaffaCakes118
-
Size
1.2MB
-
Sample
241007-fwae3axglk
-
MD5
1ba9103a1fcffda3bbc87e929a58cb26
-
SHA1
03bba0b394b1210e3237fd22411611df3ca15dfb
-
SHA256
62597174f6d63dcd5b71038384f6d3ed44b46b1954b1198f625ebe4ad6b73e9d
-
SHA512
a9b5f166c0b153a07915487033c836e5b169b60d593873b94e1ceb90b2b6d345181f45f08da36e371de1920d01ed455ac31fffc759122225a54706b084190980
-
SSDEEP
24576:qs6PZBuhGKAueqmJKtwQW0Y6dXjRBVFIIrBQ7TmOHOvglBJH:P6fUrmJwJp0iQ/mOdbH
Malware Config
Targets
-
-
Target
1ba9103a1fcffda3bbc87e929a58cb26_JaffaCakes118
-
Size
1.2MB
-
MD5
1ba9103a1fcffda3bbc87e929a58cb26
-
SHA1
03bba0b394b1210e3237fd22411611df3ca15dfb
-
SHA256
62597174f6d63dcd5b71038384f6d3ed44b46b1954b1198f625ebe4ad6b73e9d
-
SHA512
a9b5f166c0b153a07915487033c836e5b169b60d593873b94e1ceb90b2b6d345181f45f08da36e371de1920d01ed455ac31fffc759122225a54706b084190980
-
SSDEEP
24576:qs6PZBuhGKAueqmJKtwQW0Y6dXjRBVFIIrBQ7TmOHOvglBJH:P6fUrmJwJp0iQ/mOdbH
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-