General
-
Target
d0f84600b606d34970d071f962d5b991_JaffaCakes118
-
Size
268KB
-
Sample
241207-gp9r1svngp
-
MD5
d0f84600b606d34970d071f962d5b991
-
SHA1
c30092a62bdd4b8bcff5ece8a24c8bd61a3290fb
-
SHA256
1dd412645d2ead7d7fb9381d935e01026814ecd3e8c26824382b0fc471d34e68
-
SHA512
7ebf7fe53fb04d49a669fa146c07f45c225e08553b85272308356afb4f2bfa09a61d13037dd98d3c20494461a054cad419657cfb7dff73d09e9fa5f5d09f45db
-
SSDEEP
6144:S7mpyGlm1hiXzWkvz8VfDuz2f2CeV3E1lTBMuYHJMxvpcJml4wSZs8O+qdT8od:S7Um18D7vYNDFaValT7Miqo8Z3Cmod
Static task
static1
Behavioral task
behavioral1
Sample
d0f84600b606d34970d071f962d5b991_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
d0f84600b606d34970d071f962d5b991_JaffaCakes118
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-