General
-
Target
3228bbdaeebdecceb9d06c9174c3c494_JaffaCakes118
-
Size
295KB
-
Sample
241010-2t747swelp
-
MD5
3228bbdaeebdecceb9d06c9174c3c494
-
SHA1
c5cf8bc9a7d85cf0af468badca93dab9c2da889b
-
SHA256
69987942b824916ed460b6f52be04f678f5442c295beb9fdeec4bd6e9c4f0dc7
-
SHA512
9a56cdc3b634921aeb29e7e370bc3de4df5a5bcaa3e54d516dd30ce7cff0d4ca8cc04cbdbbdb896c0df50b44fdc016b3caf07ed955069b803c360a2fe81aa820
-
SSDEEP
6144:rG6x6ZJyiuWy+REvo04N2l1MYy4zZkBR+2kTeKCTypRbOmDJ8H7meBmpj:r+i+R504N2l1MYy4zZ2+2HjobOmDJveO
Static task
static1
Behavioral task
behavioral1
Sample
3228bbdaeebdecceb9d06c9174c3c494_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3228bbdaeebdecceb9d06c9174c3c494_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
3228bbdaeebdecceb9d06c9174c3c494_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-