Extracted

• • Target

    90dff1d56fe6d2c812b832517657eeeb_JaffaCakes118

  • Size

    514KB

  • MD5

    90dff1d56fe6d2c812b832517657eeeb

  • SHA1

    77aa151f786010541aa305baf3e23c4a8e9894ac

  • SHA256

    e9be83e2b73a1a693d11a80fd4a321c21b6381a250cf2ccd526171a61c6084e4

  • SHA512

    cb8c57465c2cfef71d782be85dea516e09f1042052384f5931b7a9002bd95b472c2e305c27046a898c07794ab6e00f4462f6040e1e9b552265170062625ec833

  • SSDEEP

    12288:BRXeoEMVNdAWTP1kaoNdhSB1nvs9eNDfcsAjGvC:6oE+aiiRfanrNDfcjuC

  Score

  10^/10

  ardamaxdiscoverykeyloggerpersistencestealer

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax

  • Ardamax family

    ardamax

  • Ardamax main executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2