General
-
Target
731a72c330851c00eddaaab7485e1ab7_JaffaCakes118
-
Size
1.5MB
-
Sample
241024-k9a1zawckl
-
MD5
731a72c330851c00eddaaab7485e1ab7
-
SHA1
1d915d4b2ff73fd945d7be5015148e8a0a0aa1f4
-
SHA256
5f024533a5a2ae34dd52255157eb1da31519ef8ab852c298e0fc38226d5d4783
-
SHA512
a08b34fc881d2574c886b5c676f0bd862649bb846f54f13592ea3258be95b4ad4559903e0fe83d43c77c69ba28f3ae782d776edec60f227362deebe864c7b521
-
SSDEEP
24576:M/ZwBeJgRh7/tH40tFbeiG7AhHlCGR6dwskBphv7YqokULr8K/GCYYeTY:EM/t7ip6HQGR6d8YqoF/84GCYY
Static task
static1
Behavioral task
behavioral1
Sample
731a72c330851c00eddaaab7485e1ab7_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
731a72c330851c00eddaaab7485e1ab7_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
731a72c330851c00eddaaab7485e1ab7_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-