General
-
Target
e17fef589aa821d54b7ae334343c82cc_JaffaCakes118
-
Size
502KB
-
Sample
241211-pvbq6sxlgr
-
MD5
e17fef589aa821d54b7ae334343c82cc
-
SHA1
5918c8c4b33b1e946933daf3e542062fb20eb94a
-
SHA256
d3cc9eb460f19e32e43d5c262880d3c8b019a27788c8932b9f09a562ce462a53
-
SHA512
8132ce2a70f02f326d550d94b84bda79507ce5367e60e5829ba1cd9cd2dc7d164fad97019a4a6fdb32fcd29790a800b644f068b941ed973dc0590dc08dd88889
-
SSDEEP
12288:BDXmwgyn4lMtmMEchK6WVZ6ReETDEU/gKXki:xXhgy4u3EctWT68XegYX
Malware Config
Targets
-
-
Target
e17fef589aa821d54b7ae334343c82cc_JaffaCakes118
-
Size
502KB
-
MD5
e17fef589aa821d54b7ae334343c82cc
-
SHA1
5918c8c4b33b1e946933daf3e542062fb20eb94a
-
SHA256
d3cc9eb460f19e32e43d5c262880d3c8b019a27788c8932b9f09a562ce462a53
-
SHA512
8132ce2a70f02f326d550d94b84bda79507ce5367e60e5829ba1cd9cd2dc7d164fad97019a4a6fdb32fcd29790a800b644f068b941ed973dc0590dc08dd88889
-
SSDEEP
12288:BDXmwgyn4lMtmMEchK6WVZ6ReETDEU/gKXki:xXhgy4u3EctWT68XegYX
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-