General
- Target: 87f4271ae8d5c67a7211d57c5e1ff1a2_JaffaCakes118
- Size: 480KB
- Sample: 241102-1n7qtawldt
- MD5: 87f4271ae8d5c67a7211d57c5e1ff1a2
- SHA1: 613cf83a84e324b3c04adf44e21f51dedbf5877d
- SHA256: e9813b538392c27b58741b0bedc381d4681d414596eb33c4a2aed8f4e5bbc723
- SHA512: fd03fa91ad489534654c4d6827c879958dea2e0936586df72b26c65ab59ff3b9eefe1ce71a72d46726578509116310678eecebf2f3204972f312b5d403b81139
- SSDEEP: 12288:u1QEAPL0LCySQ0Q1JoyTEYwfqEmQZ1uxrSgtgXq4peHb7gR77:BEAT0izfdnfqEvTuxTd77Yv
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 87f4271ae8d5c67a7211d57c5e1ff1a2_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: 87f4271ae8d5c67a7211d57c5e1ff1a2_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 87f4271ae8d5c67a7211d57c5e1ff1a2_JaffaCakes118
- Size: 480KB
- Ardamax family
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory