General

Target: 46e297b3bc53bbe517166f409f6c00c0_JaffaCakes118
Size: 678KB
Sample: 241015-kzgqrswapc
MD5: 46e297b3bc53bbe517166f409f6c00c0
SHA1: 0196dd35ef8d29771b123999ef690de849da64b5
SHA256: d7d630d23fd4926ccb8c57b2837d7d7f08b51039119e7ee634cab733b5af7b77
SHA512: b5329fdf989262fc48273ac763e93d10786baefcda39c19ac28d785debdca7ff1927c081106117f0f6388a217dbc1c50c313e4155e004e493f2daf1e51202e50
SSDEEP: 12288:IrMMMMMMcFrGoU1FQT6snE9A8D9YW2yJrM+yZueogfnm9YAMFnftalD6TRprhp1+:0MMMMMMAiL0T6sE9A8D93RrRyZuqn0HZ
Static task: static1

Behavioral task: behavioral1
Sample: 46e297b3bc53bbe517166f409f6c00c0_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 46e297b3bc53bbe517166f409f6c00c0_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 46e297b3bc53bbe517166f409f6c00c0_JaffaCakes118 (678KB; hashes as listed under General)
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory