General

Target: fd620204c0ea7b28069a367a4c317333_JaffaCakes118
Size: 1.1MB
Sample: 241218-2hjbpsvreq
MD5: fd620204c0ea7b28069a367a4c317333
SHA1: 813e011ba831991f8b12ed30d407738d70fb7119
SHA256: d74bdae572e151339afca984788e7dfc76b01ac735e499ffbe644e1d97ed4246
SHA512: 48ba9094fa0c6ab6da6c4a777bd43d459c7a316214769b09efded4513ccb3c4b70b3873ba1b5229466f8e20b5b02ab197dd43b56620f5bbbff576738ca4b3d50
SSDEEP: 24576:TU4oTWa1SIi2ac8tNatGKdDd3ecib5nC9Z4KXE7Xf5/k3ggu:TULTWAvi2WELf3obM9ZETfREn
Static task: static1

Behavioral task: behavioral1
Sample: fd620204c0ea7b28069a367a4c317333_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: fd620204c0ea7b28069a367a4c317333_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: fd620204c0ea7b28069a367a4c317333_JaffaCakes118
Size: 1.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General (same file submitted to both tasks).
Score: 10/10

- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops file in System32 directory
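The signatures above are sandbox observations; on a live host the same behaviours have to be reconstructed from endpoint telemetry and, more importantly, correlated, because a file write into System32 or a Run key on its own is routine while a process that drops a file, registers it under Run and then executes it is not. The following script is an added example written for this page, not code from the sandbox or from the sample. It runs the report's behaviours as detection logic over a constructed, Sysmon-style event list; the dropped-file names, the Run value name, the user path and the country-code key (HKCU\Control Panel\International\Geo\Nation) are assumptions for illustration, since the report names no dropped files or registry values.

```python
"""Triage host telemetry for the behaviours listed in the report above.

Added example, not part of the sandbox report. EVENTS is constructed
Sysmon-style telemetry: EventID 1 (process create), 7 (image load),
11 (file create), 13 (registry value set), plus an assumed "regquery"
record of the kind an EDR emits for registry reads (Sysmon does not log
reads). File names, the Run value name and paths are assumptions.
"""

SYSTEM32 = "c:\\windows\\system32\\"
RUN_KEY = "\\currentversion\\run\\"
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
GEO_KEY = "control panel\\international\\geo\\nation"  # assumed location key

# Constructed paths; the report does not name the dropped files.
DROPPER = r"C:\Users\u\Desktop\fd620204c0ea7b28069a367a4c317333_JaffaCakes118.exe"
DROPPED_EXE = r"C:\Windows\System32\svchost_upd.exe"
DROPPED_DLL = r"C:\Windows\System32\kbdhook.dll"

EVENTS = [
    {"id": 11, "pid": 100, "image": DROPPER, "target": DROPPED_EXE},
    {"id": 11, "pid": 100, "image": DROPPER, "target": DROPPED_DLL},
    {"id": 13, "pid": 100, "image": DROPPER,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": DROPPED_EXE},
    {"id": 1, "pid": 200, "ppid": 100, "image": DROPPED_EXE},
    {"id": 7, "pid": 200, "image": DROPPED_EXE, "target": DROPPED_DLL},
    {"id": "regquery", "pid": 200, "image": DROPPED_EXE,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": "regquery", "pid": 200, "image": DROPPED_EXE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    # Benign noise: a normal process loading a pre-existing system DLL must
    # not match the "dropped DLL" rule.
    {"id": 7, "pid": 300, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Windows\System32\ntdll.dll"},
]


def _norm(path):
    return path.lower()


def triage(events):
    """Return {signature_name: [evidence, ...]} for the report's behaviours.

    A path counts as "dropped" only if this telemetry shows a process
    creating it, so pre-existing System32 binaries are never flagged.
    """
    dropped = {_norm(e["target"]) for e in events if e["id"] == 11}
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in events:
        tgt = _norm(e.get("target", ""))
        img = _norm(e["image"])
        if e["id"] == 11 and tgt.startswith(SYSTEM32):
            add("Drops file in System32 directory", e["target"])
        elif e["id"] == 1 and img in dropped:
            add("Executes dropped EXE", e["image"])
        elif e["id"] == 7 and tgt in dropped:
            add("Loads dropped DLL", e["target"])
        elif e["id"] == 13 and RUN_KEY in tgt:
            # Strongest form: the Run value points at a file this process wrote.
            strength = "dropped file" if _norm(e.get("details", "")) in dropped else "unrelated path"
            add("Adds Run key to start application",
                f"{e['target']} -> {e.get('details', '')} ({strength})")
        elif e["id"] == "regquery" and tgt.endswith(GEO_KEY):
            add("Checks computer location settings", e["target"])
        elif e["id"] == "regquery" and UNINSTALL_KEY in tgt:
            add("Checks installed software on the system", e["target"])
    return hits


def persistence_chain(events):
    """Link drop -> Run key -> execution of the same path by the same actor.

    Returns the dropped path when one process wrote it, registered it under
    Run, and then spawned it as a child; otherwise None.
    """
    dropped_by = {_norm(e["target"]): e["pid"] for e in events if e["id"] == 11}
    for e in events:
        if e["id"] != 13 or RUN_KEY not in _norm(e.get("target", "")):
            continue
        path = _norm(e.get("details", ""))
        if dropped_by.get(path) != e["pid"]:
            continue
        for x in events:
            if x["id"] == 1 and _norm(x["image"]) == path and x.get("ppid") == e["pid"]:
                return x["image"]
    return None


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"{name}: {evidence}")
    print("persistence chain:", persistence_chain(EVENTS))
```

The two "Checks ..." behaviours depend on registry read events, which Sysmon does not record (its registry events cover key create/delete, value set and rename); with Sysmon alone, lean on the drop, Run key and execute chain, which is also the part worth alerting on at high severity, and treat the individual file and registry events as supporting context.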