General
-
Target
8057fdcf26d2fb5052897939ceb2b20f_JaffaCakes118
-
Size
421KB
-
Sample
241030-zw5qra1eqm
-
MD5
8057fdcf26d2fb5052897939ceb2b20f
-
SHA1
49e2b4ea794c3389aa17f0b0da7fa1f9b071f60c
-
SHA256
1af7cf0655f318fa9b8f823b8aea476e7175f3e04d42b4e0b83547c9fddcfb54
-
SHA512
cbdb376ba9d59a2de91b1c39cfc1c70418539d685dfc561e57f4acc34520d3727a9e8bbd4e12148d184274620c88885645cffd2c161c4a86817fa8baeee0f3a3
-
SSDEEP
6144:7G6CjhM7r1V46UfNIO3mbsxUwe1kOwjKVWfWc0d4GTNFRiRzX3:7GhM3YIO3mbsxUH1ej+Wy7itn
Malware Config
Targets
-
-
Target
8057fdcf26d2fb5052897939ceb2b20f_JaffaCakes118
-
Size
421KB
-
MD5
8057fdcf26d2fb5052897939ceb2b20f
-
SHA1
49e2b4ea794c3389aa17f0b0da7fa1f9b071f60c
-
SHA256
1af7cf0655f318fa9b8f823b8aea476e7175f3e04d42b4e0b83547c9fddcfb54
-
SHA512
cbdb376ba9d59a2de91b1c39cfc1c70418539d685dfc561e57f4acc34520d3727a9e8bbd4e12148d184274620c88885645cffd2c161c4a86817fa8baeee0f3a3
-
SSDEEP
6144:7G6CjhM7r1V46UfNIO3mbsxUwe1kOwjKVWfWc0d4GTNFRiRzX3:7GhM3YIO3mbsxUH1ej+Wy7itn
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-