General
- Target: cc0543d5349df26a86ea66317e270060_JaffaCakes118
- Size: 284KB
- Sample: 241206-ke4pssvjgn
- MD5: cc0543d5349df26a86ea66317e270060
- SHA1: dd38b13bb3796feea349986679f99531bd0eb984
- SHA256: 0dd2ccdf9f0f0205580fab2c67f4d109599db2a0e833cb71e4aade8bed778522
- SHA512: c130adb78a965f9edb79c42c9ed5448012a235f15d148763e3b1dc71bba1ad9d726f783be0105bd6b2b7a925f53ed427f985e59ef83a56c48dcc8cb4d13580ad
- SSDEEP: 6144:mov66ixrSGJAgQH9oELPswtnzvf9N4eKKjEWV7iR5wmDFiiFpD:3i4KQH9oEQkz/MOEG45w8TD
Static task
- static1
Behavioral task
- behavioral1
  - Sample: cc0543d5349df26a86ea66317e270060_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: cc0543d5349df26a86ea66317e270060_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory