General
-
Target
5a1275dbadb7dc5f61a08466d1f4bf82_JaffaCakes118
-
Size
480KB
-
Sample
241019-a91xaaxcle
-
MD5
5a1275dbadb7dc5f61a08466d1f4bf82
-
SHA1
f80aea24d7e17f4ef14c7ff3a2298d757bf4bbe8
-
SHA256
a80c8303958d8c259e63a73c6920822068e8e8ee052de247bde2f5fbc1c20bf8
-
SHA512
4f12591ed3c7e1149c884a5f3fa734d3795437ba5e0a4310a4089cd0de0e1961426ff4d91d5b4cc8785c80d82c1e176c608f4f5e26756a466c3ac4cdf4e3241e
-
SSDEEP
12288:AlfdC0qvHgGgOviQOD4bQleKfizvDpKVB:70mfviQ973vDpKVB
Malware Config
Targets
-
-
Target
5a1275dbadb7dc5f61a08466d1f4bf82_JaffaCakes118
-
Size
480KB
-
MD5
5a1275dbadb7dc5f61a08466d1f4bf82
-
SHA1
f80aea24d7e17f4ef14c7ff3a2298d757bf4bbe8
-
SHA256
a80c8303958d8c259e63a73c6920822068e8e8ee052de247bde2f5fbc1c20bf8
-
SHA512
4f12591ed3c7e1149c884a5f3fa734d3795437ba5e0a4310a4089cd0de0e1961426ff4d91d5b4cc8785c80d82c1e176c608f4f5e26756a466c3ac4cdf4e3241e
-
SSDEEP
12288:AlfdC0qvHgGgOviQOD4bQleKfizvDpKVB:70mfviQ973vDpKVB
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-