General
-
Target
479d31834687a29585ffba92f7247c2b_JaffaCakes118
-
Size
2.4MB
-
Sample
241015-nv4arasclh
-
MD5
479d31834687a29585ffba92f7247c2b
-
SHA1
fce40cfdb6069d2afe563cc0ea872dd030f2e461
-
SHA256
bc8e0442d62aeafa5e4f76b7e3dac470a23eebfa6362c72b0aa8fde8305eb0c3
-
SHA512
cf7d728fc68ee11491fc7d73e04007f1d060e75a1d59326af1f46094d309a09d322e2118758f36b5c47e7666507f274a2115e177d22d3df459de463ec7c05817
-
SSDEEP
49152:Hz+TbE09LpUllP/tk2A5br4nilSyGHIafpeesk/2W2w8RGbhEAmKUkG:HI5pULlG5br4XyGHI0peeskeWegm1
Static task
static1
Behavioral task
behavioral1
Sample
479d31834687a29585ffba92f7247c2b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
479d31834687a29585ffba92f7247c2b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
479d31834687a29585ffba92f7247c2b_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-