General
-
Target
6a5ab6145030708bde3e20f64dd4aba5_JaffaCakes118
-
Size
264KB
-
Sample
241022-nz99vsvhrl
-
MD5
6a5ab6145030708bde3e20f64dd4aba5
-
SHA1
0da6b7213c4bdc8508f9e720b63f08e6a796d162
-
SHA256
02c3f5216afe8dd13ec71245e09f3f53eb8f4c76fc351166fc7aeaf72cd00cde
-
SHA512
b0de1a0e0a285918d630453e7412e619ba9f7566180fb81adbe6bec521b94013e5c4d5b658ea7bbb7a54e79d011dcb13ed891111cc531f7a215d49c143642536
-
SSDEEP
6144:smpyG8PPqlS/8ytJspjPkTg3KyhEV76dX+GAayLK1aBdEt3HbWTM4JUad/LF:sNqS8uJQTk+KfVUXJALLlBqtqRJZ
Static task
static1
Behavioral task
behavioral1
Sample
6a5ab6145030708bde3e20f64dd4aba5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6a5ab6145030708bde3e20f64dd4aba5_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
6a5ab6145030708bde3e20f64dd4aba5_JaffaCakes118
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-