Extracted

• • Target

    5e7513cb6231f124202feb9c6fff5f8c_JaffaCakes118

  • Size

    1.2MB

  • MD5

    5e7513cb6231f124202feb9c6fff5f8c

  • SHA1

    0c226a252c631bd9dfec8691116e400051e9c8ea

  • SHA256

    c69bdd84f2975702cdf824c22c083b3bac5dd831ff501f2505ad2cbd9a686211

  • SHA512

    8e09ad9213cbcb0c1ae53deada825e6b670a5c6764969752ce2b47e434ca15c00ac5959fc6d398fd541fd613b29e83a62d21e28a755875964f7389461ae9c2e1

  • SSDEEP

    24576:P8NYABaUhRVw2f0UNHvGoV1ItrMnIudGqUnKAusuirmEFjy4X4o5:P8NYAY0wvUNPGo0RSEbKAjuirmtY5

  Score

  10^/10

  ardamaxdiscoverykeyloggerpersistencestealer

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax

  • Ardamax main executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2