General
Target: c6c0d7406df383aec1026d811397200b_JaffaCakes118
Size: 480KB
Sample: 241205-j37wpa1rfm
MD5: c6c0d7406df383aec1026d811397200b
SHA1: 89c2d839aa444e017fe5423abb992ce3452a319b
SHA256: 8169db876048165352ba1bb0a0a3f4c1861bad4e2b020432e05bb5a68ee9f993
SHA512: cd91becb528dd3cd0f079975b423736d4d6f005af49327134ed7df0434cbfcc2f07e04a3c4d3ad66e6cb9ff0e17d80c96d1ce767e8a46fe0539fcca03cc2f7a1
SSDEEP: 12288:uXB+xaouluW2Tu0vHvqgsU3XdcuAaaZ4lsRJFj1Xz0U:uxwE4K0vSgx3ObSMFjFv
Behavioral task: behavioral1
Sample: Trojan-Dropper.Win32.Delf.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: Trojan-Dropper.Win32.Delf.crw
Size: 489KB
MD5: 03f46894c162c72db745d1d2a860902a
SHA1: 0584d0b038cf8172b539ca692295c9a85fcade1a
SHA256: 199b3eedfc324386e9d9054e9bcb350a9cb4a98e725042142497ad27ba30ce68
SHA512: c0b85a4675e28cfadb72b91f6e69662331a0b66d740ce880532973728336cbfd1d28c29ebda5dc5ca24cddefaf9ec027c58a6a8b536aa7f89ad36ea7c870d7ac
SSDEEP: 12288:pfmxUoQ/uI2TuMvHLegSA1lBcG2QaZAvs5JPjFXlJ6:RIIqKMvagt1cbGiPjVO
Ardamax family
Ardamax main executable
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory