General
-
Target
435345a63b327a62a825b760641f2dac_JaffaCakes118
-
Size
1.2MB
-
Sample
241014-vxmjca1aln
-
MD5
435345a63b327a62a825b760641f2dac
-
SHA1
7a8c995fba82e7e2a1b9b5a12ae7b344b3495213
-
SHA256
639cbd999f44929bd68c86883f34be623e835a77c3d59fc10c2e73289f138ea1
-
SHA512
76fd5946f60ff5365037b7e9ff0c7ba3e44070d54fedfd068e3a4855a818e57046809289bf9cb5a8623e6ba2ab98020f190b1862864764144674be9a06523019
-
SSDEEP
24576:x0NzTLLdEYPV2FByrwzbZWeSGhJYuZ9Hrb3faiFO+njV:x0pTXmO2eruPjY+9HrbPa0O+n
Static task
static1
Behavioral task
behavioral1
Sample
435345a63b327a62a825b760641f2dac_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
435345a63b327a62a825b760641f2dac_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
435345a63b327a62a825b760641f2dac_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-