General

Target: ac38cb6448c7a7226c08809a1531fcd2_JaffaCakes118
Size: 561KB
Sample: 241128-n1t92awpgs
MD5: ac38cb6448c7a7226c08809a1531fcd2
SHA1: 678f271d87fa50d291fb5c6bba8c9f7941c2de75
SHA256: db53859f4a90c813998973b4db4699497bd8359812eb373ede28b3cf34c65e92
SHA512: fa6a6968208e0545d8f0907567e9e27808a3f897bfdd39b1640ab8ce98a9d5fda50fe3a32fabe460ba8a040de160324abe5b868c9b202af372dd02f93f58472e
SSDEEP: 12288:+buSMStEMmexWuMHSJHsiImjHQEcmYwrgHzfs9VovglLJxm:+burM90DZYYw8HTs9VzLHm
Static task: static1

Behavioral task: behavioral1
  Sample: ac38cb6448c7a7226c08809a1531fcd2_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: ac38cb6448c7a7226c08809a1531fcd2_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: ac38cb6448c7a7226c08809a1531fcd2_JaffaCakes118
Score: 10/10

Ardamax family
Ardamax main executable
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory