General
Target: d2823e1de98fdb37a3b71a5c14bcd567_JaffaCakes118
Size: 497KB
Sample: 241207-px9e8axram
MD5: d2823e1de98fdb37a3b71a5c14bcd567
SHA1: 2dd0e7d1e478c5d34633161784def2bb2a79ab19
SHA256: f4ae61281e5b4bb3b29b1c5e69da2201e7fbfe35bc30a1ca638ad65c10f4b872
SHA512: 853b7ee086f91677ee1470fc97206171bdb27ea810305835fabf3b8163673118763a448e02184e783fac7dcc2b475a4a2b81aed3ca86bbf2861c662ed8c1c2f1
SSDEEP: 12288:fTkUCrIaTbOItA0i4KXFXQYzB9FrzdU48O385WQ:IUCrIa3OUn/eQmz5dUV5
Static task: static1
Behavioral task: behavioral1
Sample: d2823e1de98fdb37a3b71a5c14bcd567_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d2823e1de98fdb37a3b71a5c14bcd567_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: d2823e1de98fdb37a3b71a5c14bcd567_JaffaCakes118
Size: 497KB
MD5: d2823e1de98fdb37a3b71a5c14bcd567
SHA1: 2dd0e7d1e478c5d34633161784def2bb2a79ab19
SHA256: f4ae61281e5b4bb3b29b1c5e69da2201e7fbfe35bc30a1ca638ad65c10f4b872
SHA512: 853b7ee086f91677ee1470fc97206171bdb27ea810305835fabf3b8163673118763a448e02184e783fac7dcc2b475a4a2b81aed3ca86bbf2861c662ed8c1c2f1
SSDEEP: 12288:fTkUCrIaTbOItA0i4KXFXQYzB9FrzdU48O385WQ:IUCrIa3OUn/eQmz5dUV5
Score: 10/10
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
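The behaviour signatures above are the part of this report a detection engineer actually reuses. The following Python is an added example, not the sandbox's own signature logic (which this page does not publish) and not code from the sample: it replays a constructed, API-trace-style event list through checks that correspond to the five behavioural signatures listed (location lookup, Uninstall enumeration, Run-key persistence, execution of a dropped EXE, load of a dropped DLL). The registry paths, the event field names and every file name in the trace (the `Svc` directory, `svc.exe`, `svc.dll`) are assumptions chosen for illustration; the "dropped" bookkeeping flags only files that the trace shows being written before they are executed or loaded, which is what the two "dropped" signatures mean.

```python
"""Replay a constructed registry/file/process trace against the behavioural
signatures listed in this sandbox report.  Added example: the event format,
registry paths and file names below are assumptions, not the sandbox's or
the sample's real artefacts."""
from collections import defaultdict

# Path the sample runs from in the constructed trace (assumed).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\d2823e1de98fdb37a3b71a5c14bcd567_JaffaCakes118.exe"

# Registry locations assumed to back each signature (case-insensitive substrings).
GEO_KEYS = (r"control panel\international\geo",)                       # Nation / Region values
RUN_KEYS = (r"software\microsoft\windows\currentversion\run",)        # HKCU or HKLM
UNINSTALL_KEYS = (r"software\microsoft\windows\currentversion\uninstall",)

SIG_GEO = "Checks computer location settings"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_RUN = "Adds Run key to start application"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"

# Constructed trace in the order a sandbox would log it.  File names are invented.
TRACE = [
    {"ev": "RegQueryValue", "image": SAMPLE,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"ev": "RegEnumKey", "image": SAMPLE,
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"ev": "FileWrite", "image": SAMPLE, "path": r"C:\Users\Admin\AppData\Roaming\Svc\svc.exe"},
    {"ev": "FileWrite", "image": SAMPLE, "path": r"C:\Users\Admin\AppData\Roaming\Svc\svc.dll"},
    {"ev": "RegSetValue", "image": SAMPLE,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Svc", "data": r"C:\Users\Admin\AppData\Roaming\Svc\svc.exe"},
    {"ev": "ProcessCreate", "image": r"C:\Users\Admin\AppData\Roaming\Svc\svc.exe", "parent": SAMPLE},
    {"ev": "ImageLoad", "image": r"C:\Users\Admin\AppData\Roaming\Svc\svc.exe",
     "module": r"C:\Users\Admin\AppData\Roaming\Svc\svc.dll"},
    {"ev": "ImageLoad", "image": r"C:\Users\Admin\AppData\Roaming\Svc\svc.exe",
     "module": r"C:\Windows\System32\kernel32.dll"},   # system DLL: must not be flagged
]


def _under(key: str, prefixes) -> bool:
    """True if the registry key path contains any of the assumed prefixes."""
    k = key.lower()
    return any(p in k for p in prefixes)


def match_signatures(trace):
    """Return {signature name: [evidence strings]} for the signatures that fire.

    Events are consumed in order so that a file counts as 'dropped' only if the
    trace shows it being written before it is executed or loaded.
    """
    hits = defaultdict(list)
    dropped = set()                      # lower-cased paths written during the run
    for e in trace:
        ev = e["ev"]
        if ev == "FileWrite":
            dropped.add(e["path"].lower())
        elif ev in ("RegOpenKey", "RegQueryValue", "RegEnumKey"):
            if _under(e["key"], GEO_KEYS):
                hits[SIG_GEO].append(f"{e['key']}\\{e.get('value', '')}".rstrip("\\"))
            if _under(e["key"], UNINSTALL_KEYS):
                hits[SIG_UNINSTALL].append(e["key"])
        elif ev == "RegSetValue" and _under(e["key"], RUN_KEYS):
            hits[SIG_RUN].append(f"{e['key']}\\{e['value']} = {e['data']}")
        elif ev == "ProcessCreate" and e["image"].lower() in dropped:
            hits[SIG_EXEC_DROPPED].append(e["image"])
        elif ev == "ImageLoad" and e["module"].lower() in dropped:
            hits[SIG_LOAD_DROPPED].append(e["module"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(TRACE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

Two caveats when porting this to real telemetry: Sysmon records registry value writes (event 13) but not reads, so the two lookup signatures (location, Uninstall enumeration) are only observable from an API-hooking sandbox or an ETW registry provider, not from the default Sysmon configuration; and "dropped" should be scoped to files written by the sample's process tree rather than by any process, which the constructed trace glosses over because every write here comes from the sample.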