General
-
Target
JaffaCakes118_6efd8e2aabbb2aff33dc32bd5544c67e
-
Size
605KB
-
Sample
250103-x6qngaslcn
-
MD5
6efd8e2aabbb2aff33dc32bd5544c67e
-
SHA1
8ef66c80dc2fe528adc7a5df8ad61925b8a5819c
-
SHA256
450d49df7d4865a9f3ff0808516db83ce34cd18d12a183acbaf7a0646fa4dc60
-
SHA512
3280df63dd942a9fb9bf376586c9eb116329196131acfcf49f8bcecb376096303b7a5a164e9eed823f03293dec944022d3e881a4c7eec55c4c9c5ca0d57d42b2
-
SSDEEP
12288:KuyieOubxdCFbxdCCFHI6FQBj6O6jK5+ugmdcFAWxGsov//j1qp7:tybZOFOF8S6BW8jmej9ov3jYp7
Malware Config
Targets
-
-
Target
JaffaCakes118_6efd8e2aabbb2aff33dc32bd5544c67e
-
Size
605KB
-
MD5
6efd8e2aabbb2aff33dc32bd5544c67e
-
SHA1
8ef66c80dc2fe528adc7a5df8ad61925b8a5819c
-
SHA256
450d49df7d4865a9f3ff0808516db83ce34cd18d12a183acbaf7a0646fa4dc60
-
SHA512
3280df63dd942a9fb9bf376586c9eb116329196131acfcf49f8bcecb376096303b7a5a164e9eed823f03293dec944022d3e881a4c7eec55c4c9c5ca0d57d42b2
-
SSDEEP
12288:KuyieOubxdCFbxdCCFHI6FQBj6O6jK5+ugmdcFAWxGsov//j1qp7:tybZOFOF8S6BW8jmej9ov3jYp7
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-