General
-
Target
51e6d705ce99ff10e033894343553da9_JaffaCakes118
-
Size
513KB
-
Sample
241017-nps8lavgrc
-
MD5
51e6d705ce99ff10e033894343553da9
-
SHA1
afc3ff76f8cc9115edf549141536dbb1b901c4e9
-
SHA256
74c3e730a91d2fd37d0a64795b493e4b5c1dfe42b4545e89d0a8667d194f13dc
-
SHA512
5976355bffdd7e9898ec342b2b8fed54c5ccd32f4ad14fa8f14563e51cbcd485684e28b9c153b24140082eab78be89b8d3b8a820788f2bf6e4f8e51afd1820e9
-
SSDEEP
12288:tF1SrMEhiwdjEQYCMuBy5U5Uo4EZ4yS6/Sp3qB5Wpkl7:tfiiEjEzCMi6+Z4Zp3qbE+
Malware Config
Targets
-
-
Target
51e6d705ce99ff10e033894343553da9_JaffaCakes118
-
Size
513KB
-
MD5
51e6d705ce99ff10e033894343553da9
-
SHA1
afc3ff76f8cc9115edf549141536dbb1b901c4e9
-
SHA256
74c3e730a91d2fd37d0a64795b493e4b5c1dfe42b4545e89d0a8667d194f13dc
-
SHA512
5976355bffdd7e9898ec342b2b8fed54c5ccd32f4ad14fa8f14563e51cbcd485684e28b9c153b24140082eab78be89b8d3b8a820788f2bf6e4f8e51afd1820e9
-
SSDEEP
12288:tF1SrMEhiwdjEQYCMuBy5U5Uo4EZ4yS6/Sp3qB5Wpkl7:tfiiEjEzCMi6+Z4Zp3qbE+
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-