General
Target: e1dc035a17382c5c1aa6d56811f7ce84_JaffaCakes118
Size: 311KB
Sample: 241211-rplqaszrfq
MD5: e1dc035a17382c5c1aa6d56811f7ce84
SHA1: 74a335583c5fe4bbfe5f9d9e7065a7634dbbf9ba
SHA256: c4a971dd295fe3200698e731e2913e0a0b401fd0725a82278cf6886551929ded
SHA512: 381084d857aa7e2a64d015a94292e9219c4db29776e9636ef2af98f7a4981edc3a5b43d1015514a2f93a293ff615c7183cc45c0f03b95ff5a02e3755e466083c
SSDEEP: 6144:pdG6uYDj53oFnbY18Wa2/GDq9uaEWrWBX9sYjHl2l48Qb5:pdFfr1p//GDk1WBX9sYjHYQt
Static task: static1
Behavioral task: behavioral1
  Sample: e1dc035a17382c5c1aa6d56811f7ce84_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: e1dc035a17382c5c1aa6d56811f7ce84_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e1dc035a17382c5c1aa6d56811f7ce84_JaffaCakes118
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory