General
-
Target
6599c61f79bc39edb0800d342281982f_JaffaCakes118
-
Size
1.1MB
-
Sample
241021-ft4wwszfnc
-
MD5
6599c61f79bc39edb0800d342281982f
-
SHA1
1f176e0c08943f68efde845034b3c12071f3c0ba
-
SHA256
d2bb826df9485b0b31a55dbe782bef51ac5b9e723d66f6fc043c0be03a7c97b1
-
SHA512
8e45dbdb4337f310d227e7e9b87c33aa295a3ba003540f5865a5a75d6c89a06c32f351736fd2e41f5373f5478d0d7a129905e6734134e71d2ef61286f8d99034
-
SSDEEP
24576:fLMPuMGw4AYJyFFbvrxFwYzMh0fe4sR5EjUTzxIPkwwiFYAS5zVgYUBS0jQ:fquMGw4arrbn17+yjUlIzwk4F
Malware Config
Targets
-
-
Target
6599c61f79bc39edb0800d342281982f_JaffaCakes118
-
Size
1.1MB
-
MD5
6599c61f79bc39edb0800d342281982f
-
SHA1
1f176e0c08943f68efde845034b3c12071f3c0ba
-
SHA256
d2bb826df9485b0b31a55dbe782bef51ac5b9e723d66f6fc043c0be03a7c97b1
-
SHA512
8e45dbdb4337f310d227e7e9b87c33aa295a3ba003540f5865a5a75d6c89a06c32f351736fd2e41f5373f5478d0d7a129905e6734134e71d2ef61286f8d99034
-
SSDEEP
24576:fLMPuMGw4AYJyFFbvrxFwYzMh0fe4sR5EjUTzxIPkwwiFYAS5zVgYUBS0jQ:fquMGw4arrbn17+yjUlIzwk4F
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-