General
-
Target
5d97eddf4ce51c5604f97b6a8c37e752_JaffaCakes118
-
Size
289KB
-
Sample
241019-t7d5aayapq
-
MD5
5d97eddf4ce51c5604f97b6a8c37e752
-
SHA1
af5b4b430adb928ae440324f60c0691787846ad4
-
SHA256
d63515b0562d08252069d37a54ecc8edf6c28f06da3a7e937a21e83d25c806d9
-
SHA512
21953cf23b5f79232ad13bea0b0a32160e13571253cb810ab8f5ed28e9064263cc034fde1a21cafa971b1911c1bb351635d1c7b9dc7311eecf016fc03b551036
-
SSDEEP
6144:aT16276Gd37WAmXmpyGc2YBPJQWQcwu2hUGe2LA9mzC6:ac2e8rWZP22PCWX2hb3y6
Malware Config
Targets
-
-
Target
5d97eddf4ce51c5604f97b6a8c37e752_JaffaCakes118
-
Size
289KB
-
MD5
5d97eddf4ce51c5604f97b6a8c37e752
-
SHA1
af5b4b430adb928ae440324f60c0691787846ad4
-
SHA256
d63515b0562d08252069d37a54ecc8edf6c28f06da3a7e937a21e83d25c806d9
-
SHA512
21953cf23b5f79232ad13bea0b0a32160e13571253cb810ab8f5ed28e9064263cc034fde1a21cafa971b1911c1bb351635d1c7b9dc7311eecf016fc03b551036
-
SSDEEP
6144:aT16276Gd37WAmXmpyGc2YBPJQWQcwu2hUGe2LA9mzC6:ac2e8rWZP22PCWX2hb3y6
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-