General
Target: e46363af24e4e7e31441115ada17ad40_JaffaCakes118
Size: 1.1MB
Sample: 241212-dhzfxsykct
MD5: e46363af24e4e7e31441115ada17ad40
SHA1: e0049b9eb0d42dd024cd0f41aa573e492bc365f4
SHA256: da67ee3ddc63494d97b772ffe58edf1b564c322b4b5a711e5f93d18d767feb02
SHA512: 81c1f26daf9eeea995691aaffd55792a9f2d112206e2eacf60240eb72969e3a7a7cd2c5b39c1961b53e450f957715aa113f44e882cc793562cf04f01defe7a88
SSDEEP: 24576:9ZxTmMZp38EvO6M1ou3bHkDj8DjFC2qL4kriUAVBSAL/ktTNlSjR58ftm:9XTmM38MOhYuFC2q8PhiTNlk
Static task: static1
Behavioral task: behavioral1
Sample: e46363af24e4e7e31441115ada17ad40_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e46363af24e4e7e31441115ada17ad40_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10

Ardamax family

Ardamax main executable

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory