General
-
Target
d385095950c0469946c0d3ede9859a35_JaffaCakes118
-
Size
1.2MB
-
Sample
241207-zfn33axqfl
-
MD5
d385095950c0469946c0d3ede9859a35
-
SHA1
aa895808025b0be5a73ae8d489c9536033b263bb
-
SHA256
c34b02197afb6505004c5c258bd2c5013b431cf245f8763bbb6c4217a9c8e13a
-
SHA512
9446cee99737fe488bec33baeabec5c28c6a50f0987875875e3ff359b2a5eb55b6d576915ac2b733d3e6fdeef75f914e70c547257da65bd59210dee984671b1b
-
SSDEEP
24576:4t4mTIKXyRUCMu1Oo1IFznRupktQVnbvwbuk1ImVG4pln3gBd29fUv/4gAL:4ttTIKCR3siktQRS5XlwgUv/z
Malware Config
Targets
-
-
Target
d385095950c0469946c0d3ede9859a35_JaffaCakes118
-
Size
1.2MB
-
MD5
d385095950c0469946c0d3ede9859a35
-
SHA1
aa895808025b0be5a73ae8d489c9536033b263bb
-
SHA256
c34b02197afb6505004c5c258bd2c5013b431cf245f8763bbb6c4217a9c8e13a
-
SHA512
9446cee99737fe488bec33baeabec5c28c6a50f0987875875e3ff359b2a5eb55b6d576915ac2b733d3e6fdeef75f914e70c547257da65bd59210dee984671b1b
-
SSDEEP
24576:4t4mTIKXyRUCMu1Oo1IFznRupktQVnbvwbuk1ImVG4pln3gBd29fUv/4gAL:4ttTIKCR3siktQRS5XlwgUv/z
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-