General
- Target: e503896542a0b060e76aedac3ae28b7d_JaffaCakes118
- Size: 1.2MB
- Sample: 241212-gp7yesxkbj
- MD5: e503896542a0b060e76aedac3ae28b7d
- SHA1: 2a23273d34be236de842fca7bceec29023124d24
- SHA256: 2278727a4c05cb69cf0b2f885cf4aed70c2acf9267ac8116ea9c136fbf431b23
- SHA512: 134b7db6109927f410d0ab1c608c76ebf2a3c8f9c4bee2425a8bce7634ab27847f7bd6d04d0039843465d7c80863be272e3b4c9cdb975e1ad743c84bfb97ae12
- SSDEEP: 24576:X0NzT7BxPhnoLhLjhFdLIR5AzMcw872OyiaI3r1QhROCbCXYhdpNLbdNr:X0pT7BnchLjhFdLgSAcw8721P5ZGXG/B
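Before relying on a third-party sandbox verdict, confirm that the file you hold is the sample the report describes. The following Python is an added example and not part of the report: it copies the report's MD5/SHA1/SHA256/SHA512 values, compares a local file against them, and also checks that the `<md5>_JaffaCakes118` name the sandbox uses agrees with the file's content (a renamed or truncated copy fails that check). The function names are the example's own, and the bytes used in the test are constructed, not the sample.

```python
"""Verify that a local file is the sample this sandbox report describes.

Added example (not part of the report). The hash values are copied from the
report's General section; any sample bytes used here are constructed.
"""
import hashlib
import re
from pathlib import Path

# Exact hashes copied from the report.
REPORT_HASHES = {
    "md5": "e503896542a0b060e76aedac3ae28b7d",
    "sha1": "2a23273d34be236de842fca7bceec29023124d24",
    "sha256": "2278727a4c05cb69cf0b2f885cf4aed70c2acf9267ac8116ea9c136fbf431b23",
    "sha512": (
        "134b7db6109927f410d0ab1c608c76ebf2a3c8f9c4bee2425a8bce7634ab2784"
        "7f7bd6d04d0039843465d7c80863be272e3b4c9cdb975e1ad743c84bfb97ae12"
    ),
}
# The report's SSDEEP fuzzy hash is not recomputed here: ssdeep is not in the
# standard library, and exact hashes are what you compare before trusting a
# verdict. Fuzzy matching is for finding *related* samples, not this one.


def compute_hashes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def compare_to_report(data: bytes, report: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: True/False} for each hash in the report."""
    computed = compute_hashes(data)
    return {alg: computed[alg] == report[alg].lower() for alg in report}


def is_same_sample(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches (one mismatch means a different file)."""
    return all(compare_to_report(data, report).values())


# The sandbox names this target "<md5>_JaffaCakes118" (optionally ".exe");
# checking the prefix against the bytes catches renamed or corrupted copies.
NAME_RE = re.compile(r"^([0-9a-f]{32})_jaffacakes118(?:\.exe)?$")


def name_matches_content(filename: str, data: bytes) -> bool:
    """True if the MD5 embedded in the sandbox-style filename equals MD5(data)."""
    m = NAME_RE.match(Path(filename).name.lower())
    return bool(m) and m.group(1) == hashlib.md5(data).hexdigest()


def check_file(path: str) -> dict:
    """Per-algorithm comparison plus the filename consistency check for one file."""
    data = Path(path).read_bytes()
    result = compare_to_report(data)
    result["name_matches_content"] = name_matches_content(path, data)
    return result


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        print(p, check_file(p))
```

Run it as `python verify_sample.py <file>`; act on the report only when every digest is True. A SHA256 match alone is sufficient in practice, but a disagreement between digests means the report text itself has been mangled.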
Static task: static1
Behavioral task: behavioral1
- Sample: e503896542a0b060e76aedac3ae28b7d_JaffaCakes118.exe
- Resource: win7-20241023-en
Behavioral task: behavioral2
- Sample: e503896542a0b060e76aedac3ae28b7d_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.drivehq.com
- Port: 21
- Username: palembang123
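The extracted config gives a defender three network indicators: the FTP host, the port and the account name the sample logs in with. The following Python is an added example and not part of the report. It runs detection logic over constructed FTP control-channel log lines in a simple tab-separated layout (timestamp, source IP, destination host, destination port, FTP command, argument); map your own FTP, proxy or Zeek records into that shape before using it. The report lists no password, so none is used. ftp.drivehq.com belongs to a general-purpose cloud storage provider, so a host-and-port match is treated as weaker evidence than a match on the hard-coded account.

```python
"""Flag FTP sessions that match the exfiltration config extracted from the sample.

Added example (not part of the report). IOC values are copied from the report;
the log lines below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Extracted config, copied from the report's Malware Config section.
IOC = {"host": "ftp.drivehq.com", "port": 21, "username": "palembang123"}

# Constructed sample log: ts, src, dst_host, dst_port, cmd, arg (tab-separated).
SAMPLE_LOG = """\
# constructed log lines for the example, not captured traffic
2024-12-12T10:00:01Z\t10.0.0.5\tftp.drivehq.com\t21\tUSER\tpalembang123
2024-12-12T10:00:01Z\t10.0.0.5\tftp.drivehq.com\t21\tPASS\t***
2024-12-12T10:00:02Z\t10.0.0.5\tftp.drivehq.com\t21\tSTOR\tlog_20241212.html
2024-12-12T10:05:00Z\t10.0.0.7\tftp.drivehq.com\t21\tUSER\tbackup-svc
2024-12-12T10:05:03Z\t10.0.0.7\tftp.drivehq.com\t21\tSTOR\tnightly.tar
2024-12-12T10:06:00Z\t10.0.0.9\tftp.example.net\t21\tUSER\tanonymous
"""


@dataclass
class Session:
    """One FTP control connection, keyed by (source, destination host, port)."""
    src: str
    host: str
    port: int
    user: Optional[str] = None
    uploads: List[str] = field(default_factory=list)  # STOR/APPE targets

    def matches_ioc(self, ioc: dict = IOC) -> Dict[str, bool]:
        return {
            "host": self.host.lower() == ioc["host"],
            "port": self.port == ioc["port"],
            "username": self.user == ioc["username"],
        }

    def severity(self, ioc: dict = IOC) -> str:
        m = self.matches_ioc(ioc)
        if m["username"]:
            return "high"    # the exact account hard-coded into the sample
        if m["host"] and m["port"] and self.uploads:
            return "medium"  # same server and port with data leaving; the
                             # provider also has legitimate users, so review
        return "none"


def parse_sessions(lines) -> Dict[Tuple[str, str, int], Session]:
    """Group commands into sessions; record the login name and any uploads."""
    sessions: Dict[Tuple[str, str, int], Session] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, host, port, cmd, arg = (line.split("\t") + [""])[:6]
        key = (src, host, int(port))
        s = sessions.setdefault(key, Session(src, host, int(port)))
        cmd = cmd.upper()
        if cmd == "USER":
            s.user = arg
        elif cmd in ("STOR", "APPE"):  # upload commands: data is leaving
            s.uploads.append(arg)
    return sessions


def flag(lines, ioc: dict = IOC) -> List[Tuple[Session, str]]:
    """Return (session, severity) for every session that matches the IOCs."""
    hits = []
    for s in parse_sessions(lines).values():
        sev = s.severity(ioc)
        if sev != "none":
            hits.append((s, sev))
    return hits


if __name__ == "__main__":
    for session, sev in flag(SAMPLE_LOG.splitlines()):
        print(sev, session.src, "->", f"{session.host}:{session.port}",
              "user=", session.user, "uploads=", session.uploads)
```

The username match is the strong signal: an account name hard-coded into a keylogger is unlikely to collide with legitimate traffic, whereas blocking the whole provider by hostname needs a review of legitimate usage first.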
Targets
- Target: e503896542a0b060e76aedac3ae28b7d_JaffaCakes118
Score: 10/10
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory