General
- Target: b2af322b192fc3f519fae4c6a7b67a45_JaffaCakes118
- Size: 1.7MB
- Sample: 241129-vpdaps1qfk
- MD5: b2af322b192fc3f519fae4c6a7b67a45
- SHA1: 852a6ab0575c2be323b3424768b7222b710cab0d
- SHA256: 4dce1eb91fed394d8d2d54f5c14996d0b9bbf471542d1e55e835287671e9f997
- SHA512: b0d2a2bfb60267b15c54c6402aef2455534cd03a02729b80c0e3ebed603cddd49b2b9d15d0706f98dd5bfcd7371a7671a05f2246eae993ba203aca8aa8aa257d
- SSDEEP: 49152:HXTVrVa+WoCvIE1eDPvMaYNA2Kpkx96yW:Nc+WoCTrrA2frr
Static task
- static1

Behavioral task
- behavioral1
  - Sample: b2af322b192fc3f519fae4c6a7b67a45_JaffaCakes118.exe
  - Resource: win7-20240729-en

Behavioral task
- behavioral2
  - Sample: b2af322b192fc3f519fae4c6a7b67a45_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: b2af322b192fc3f519fae4c6a7b67a45_JaffaCakes118
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger