General
-
Target
dbaf7de1ec14195b8f631ce4355b45c3_JaffaCakes118
-
Size
500KB
-
Sample
241209-1l936asmev
-
MD5
dbaf7de1ec14195b8f631ce4355b45c3
-
SHA1
7c11710760b005e7faf2894587860b1316f29524
-
SHA256
7da562c405c458bd95bb84288281fe09af1ab507a0c03b9599d85ee396e45337
-
SHA512
3656334f99a7273f35553413c7f89aa5381dd20a749f1fe1e2cced3beca6a7f36a2944f2111fa672a6b224c154844cbd501059e47b58802c8b5a8739ad8bd018
-
SSDEEP
12288:+LjYl4eADZ6Qu6q6h0QZDKDpwB1k9o39dGmqjEkO:hqeoZ6Qb4Q6q1ZttQEkO
Malware Config
Targets
-
-
Target
dbaf7de1ec14195b8f631ce4355b45c3_JaffaCakes118
-
Size
500KB
-
MD5
dbaf7de1ec14195b8f631ce4355b45c3
-
SHA1
7c11710760b005e7faf2894587860b1316f29524
-
SHA256
7da562c405c458bd95bb84288281fe09af1ab507a0c03b9599d85ee396e45337
-
SHA512
3656334f99a7273f35553413c7f89aa5381dd20a749f1fe1e2cced3beca6a7f36a2944f2111fa672a6b224c154844cbd501059e47b58802c8b5a8739ad8bd018
-
SSDEEP
12288:+LjYl4eADZ6Qu6q6h0QZDKDpwB1k9o39dGmqjEkO:hqeoZ6Qb4Q6q1ZttQEkO
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-