General
-
Target
f79832e9cf7ae07f3ba5fa787094bb17_JaffaCakes118
-
Size
1.5MB
-
Sample
241216-gh4x7axjb1
-
MD5
f79832e9cf7ae07f3ba5fa787094bb17
-
SHA1
5cd69cc99bd8d24a5ddcaac6d2a54609bf356a84
-
SHA256
4e4fb1af424a5c7a9fd248a2461543bcd9ec29f0561b760547b2f26cce45219e
-
SHA512
e4322e1e7cac005f8bfb8d8c52a5ae38a0b1c6cd2a79ed2585d767ecefbc35bc82672a5fc21f68a269be95949dfe15d9c7a50e55f3905db1f0bffee7cfc7c5d5
-
SSDEEP
24576:JZxTRbdQTBhbi8v5ngg5r7thUICvJio7Jh4eD2uAingnKpmeCkCtHB5u/ljiYVyf:JXTRhaPbPFthHCf7j4KAingnKkPkCT54
Malware Config
Targets
-
-
Target
f79832e9cf7ae07f3ba5fa787094bb17_JaffaCakes118
-
Size
1.5MB
-
MD5
f79832e9cf7ae07f3ba5fa787094bb17
-
SHA1
5cd69cc99bd8d24a5ddcaac6d2a54609bf356a84
-
SHA256
4e4fb1af424a5c7a9fd248a2461543bcd9ec29f0561b760547b2f26cce45219e
-
SHA512
e4322e1e7cac005f8bfb8d8c52a5ae38a0b1c6cd2a79ed2585d767ecefbc35bc82672a5fc21f68a269be95949dfe15d9c7a50e55f3905db1f0bffee7cfc7c5d5
-
SSDEEP
24576:JZxTRbdQTBhbi8v5ngg5r7thUICvJio7Jh4eD2uAingnKpmeCkCtHB5u/ljiYVyf:JXTRhaPbPFthHCf7j4KAingnKkPkCT54
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-