General
-
Target
598f8a04b3255072f5eda5d3e6d475ed_JaffaCakes118
-
Size
482KB
-
Sample
241018-1v9hzszhrg
-
MD5
598f8a04b3255072f5eda5d3e6d475ed
-
SHA1
a79a73d5dc3f2a6697cba5287e7bd6001783e163
-
SHA256
5622f8bc906b8e10e6b769f493ae0d4f8e5cb3a65726536467d8029965f6dca9
-
SHA512
ebefdbd8a9eff3e2998ad533e134aec388afb05f3b89507fae21f3f9e7267ca1b57ed788ca299d1b950fc54ad192f66b78e6477b3091bb72f6bf3913aee59661
-
SSDEEP
12288:P9tSGR7k49EzHbglatHP9P8LZRHWDB77Iu9ZmI2/:1tSGl3EzHbglMF6HHWDB4u9ZmI2/
Static task
static1
Behavioral task
behavioral1
Sample
598f8a04b3255072f5eda5d3e6d475ed_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
598f8a04b3255072f5eda5d3e6d475ed_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
598f8a04b3255072f5eda5d3e6d475ed_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-