General
-
Target
JaffaCakes118_78c82bfa843649efd961288a07c76425
-
Size
499KB
-
Sample
250104-ks55savjam
-
MD5
78c82bfa843649efd961288a07c76425
-
SHA1
4066208f57cf650b6a265b50e1bcff3463e4fa8d
-
SHA256
b3ba59dcd59a9ca660792d77ed49d2ef3ef03b588c3c0cbc3c28eb327aa96675
-
SHA512
3c41df102ecbe99cd0c4f6b7c9c35d1f5509faf55802cd4eec01f8e58d1754b85c5da58a8ec1feda90d0303b76f39981db389b0f885314aec9ab9907f26af88a
-
SSDEEP
6144:qG6vyhUywhCjJGtrFOXy6MqG44Ctyn7swTRZp9wSM3ceMB+mHzgNLo4ErprTz9Lw:qLpYoPq7txwTRCCeeil49TKVd
Malware Config
Extracted
Protocol: ftp- Host:
ftp.drivehq.com - Port:
21 - Username:
whatayd
Targets
-
-
Target
JaffaCakes118_78c82bfa843649efd961288a07c76425
-
Size
499KB
-
MD5
78c82bfa843649efd961288a07c76425
-
SHA1
4066208f57cf650b6a265b50e1bcff3463e4fa8d
-
SHA256
b3ba59dcd59a9ca660792d77ed49d2ef3ef03b588c3c0cbc3c28eb327aa96675
-
SHA512
3c41df102ecbe99cd0c4f6b7c9c35d1f5509faf55802cd4eec01f8e58d1754b85c5da58a8ec1feda90d0303b76f39981db389b0f885314aec9ab9907f26af88a
-
SSDEEP
6144:qG6vyhUywhCjJGtrFOXy6MqG44Ctyn7swTRZp9wSM3ceMB+mHzgNLo4ErprTz9Lw:qLpYoPq7txwTRCCeeil49TKVd
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-