General
Target: f5cce24bd37026eb0b79c9cb078f4ff2_JaffaCakes118
Size: 1.1MB
Sample: 241215-z9vgyaxngs
MD5: f5cce24bd37026eb0b79c9cb078f4ff2
SHA1: 009f30f40288083513764820e51cbf70d6274b44
SHA256: c0313f40f3ff4479a70cb938870d003b324c8380c15ee5cf411f6819ce5490f5
SHA512: 643dc046eaae71c3528bfc451521b4cd1cb2ae4ac49ebe1969f09e04586b028973c876b9a7815fdc0a0f0aca8afc961aad2e68e6b3ea093a7a5b1ba650107205
SSDEEP: 24576:5k/ATcUIGnEICvAuIAUNF8A78CHzwwYyTPJwgVSwUcRqkUuANOvsRUBL:moTcUI42R/U18CTNbJwgITcRqBzOs
Static task: static1
Behavioral task: behavioral1
  Sample: f5cce24bd37026eb0b79c9cb078f4ff2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f5cce24bd37026eb0b79c9cb078f4ff2_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: f5cce24bd37026eb0b79c9cb078f4ff2_JaffaCakes118
Size: 1.1MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 10/10

Signatures:
- Ardamax family (Ardamax is a commercially sold keylogger)
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry (the GeoID under HKEY_CURRENT_USER\Control Panel\International\Geo\Nation), most likely a geofence. If the sample does geofence, detonation results depend on the sandbox's configured country, so a run that shows little activity is worth repeating with a different locale.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run (the report does not say which hive)
- Checks installed software on the system: enumerates the Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to list installed software
- Drops file in System32 directory
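The signatures above are the sandbox's API-level view. On a monitored host the same chain can be reconstructed from Sysmon telemetry, and the following Python correlator, an added example that is not code from the sandbox report or from Ardamax, shows how: it walks Sysmon-style events (ProcessCreate 1, ImageLoad 7, FileCreate 11, RegistryEvent 13) and attributes "drops file in System32", "executes dropped EXE", "loads dropped DLL" and "adds Run key" to the root process that started the chain. Every event value, process GUID and dropped file name is constructed for the example and was not observed in this run; only the field names follow Sysmon. Registry reads (the Geo\Nation geofence check and the Uninstall-key enumeration) are not logged by Sysmon, so they are out of scope here.

```python
"""Correlate Sysmon-style events into the behaviours a sandbox reports.

Added example (not the sandbox's or Ardamax's code).  Covers the signatures that
leave a host-side trace: file drop in System32, execution of a dropped EXE,
loading of a dropped DLL, and Run-key persistence.  Registry *reads* (the
Geo\\Nation geofence check, Uninstall-key enumeration) are not logged by Sysmon
and are therefore not detected here.
"""
import re
from collections import defaultdict

# Matches ...\CurrentVersion\Run\ and ...\RunOnce\ under any hive prefix.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"

# Constructed sample events: field names follow Sysmon, but the values, GUIDs and
# the dropped file names are made up for this example and were not observed.
SAMPLE_IMAGE = r"C:\Users\user\Desktop\f5cce24bd37026eb0b79c9cb078f4ff2_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "G1", "ParentProcessGuid": "G0", "Image": SAMPLE_IMAGE},
    {"EventID": 11, "ProcessGuid": "G1", "TargetFilename": r"C:\Windows\System32\dropped\svc.exe"},
    {"EventID": 11, "ProcessGuid": "G1", "TargetFilename": r"C:\Windows\System32\dropped\svc.dll"},
    {"EventID": 1, "ProcessGuid": "G2", "ParentProcessGuid": "G1",
     "Image": r"C:\Windows\System32\dropped\svc.exe"},
    {"EventID": 7, "ProcessGuid": "G2", "ImageLoaded": r"C:\Windows\System32\dropped\svc.dll"},
    {"EventID": 13, "ProcessGuid": "G2",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Windows\System32\dropped\svc.exe"},
    # Benign noise: explorer writing a document, a Windows binary writing under System32.
    {"EventID": 1, "ProcessGuid": "G3", "ParentProcessGuid": "G0", "Image": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessGuid": "G3", "TargetFilename": r"C:\Users\user\Documents\notes.txt"},
    {"EventID": 1, "ProcessGuid": "G4", "ParentProcessGuid": "G0", "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 11, "ProcessGuid": "G4", "TargetFilename": r"C:\Windows\System32\LogFiles\x.log"},
]


def correlate(events):
    """Return {root process image: sorted list of rule names that fired}."""
    image_of = {}    # ProcessGuid -> image path
    parent_of = {}   # ProcessGuid -> ParentProcessGuid
    dropped = set()  # lower-cased .exe/.dll paths created by observed processes
    findings = defaultdict(set)

    def root(guid):
        # Walk up the parent chain to the first process whose creation we saw.
        while parent_of.get(guid) in image_of:
            guid = parent_of[guid]
        return image_of.get(guid, guid)

    for ev in events:
        eid, guid = ev["EventID"], ev["ProcessGuid"]
        if eid == 1:  # ProcessCreate
            image_of[guid] = ev["Image"]
            parent_of[guid] = ev.get("ParentProcessGuid")
            if ev["Image"].lower() in dropped:
                findings[root(guid)].add("executes_dropped_exe")
        elif eid == 11:  # FileCreate
            target = ev["TargetFilename"].lower()
            if target.endswith((".exe", ".dll")):
                dropped.add(target)
            creator = image_of.get(guid, "").lower()
            # A non-Windows binary writing into System32 is the "drops file in System32" signal.
            if target.startswith(SYSTEM32) and not creator.startswith(WINDIR):
                findings[root(guid)].add("drops_file_in_system32")
        elif eid == 7:  # ImageLoad
            if ev["ImageLoaded"].lower() in dropped:
                findings[root(guid)].add("loads_dropped_dll")
        elif eid == 13:  # RegistryEvent: value set
            if RUN_KEY_RE.search(ev["TargetObject"]):
                findings[root(guid)].add("adds_run_key")
                if ev.get("Details", "").lower() in dropped:
                    findings[root(guid)].add("run_key_points_to_dropped_file")

    return {image: sorted(rules) for image, rules in findings.items()}


if __name__ == "__main__":
    for image, rules in correlate(SAMPLE_EVENTS).items():
        print(image + "\n  " + "\n  ".join(rules))
```

Findings are keyed by the root of the process chain rather than by the process that performed each action, so the dropped second-stage executable's Run key and DLL load are attributed back to the original sample, which is what an analyst wants when deciding what to block or hunt for. The Windows-directory exclusion on the System32 write is deliberately coarse; a production rule would also check signer and parent.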