General
Target: 51b879c7df1c35faf43c53a689f598ed_JaffaCakes118
Size: 1.2MB
Sample: 241017-mhf41stcqa
MD5: 51b879c7df1c35faf43c53a689f598ed
SHA1: 794681abc336e31a77748a4018a77b6d75fd362a
SHA256: 48e01cfe253b63d096944c544cb34d7b3fca21c5db8dedde51902893c0440591
SHA512: e7488902cbea4d6585e7a7aaaddeb690096d847260132c8072237e5c1783f2b2aca0e5c0c40af5597768d95f264e6dfd5fe6ec2ff49c9d2c1a693143bd659ecf
SSDEEP: 24576:r3LJTZLp32adGZTWoKpD7COJInJhAA0UlzC+dF+kcTBL6Mdn6oT5+cMgF/Is5U:r3tTe2GcnCO+2uzBz+kohlN+gF5
Static task: static1
Behavioral task: behavioral1
Sample: 51b879c7df1c35faf43c53a689f598ed_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 51b879c7df1c35faf43c53a689f598ed_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10

Ardamax main executable

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory