General
Target: JaffaCakes118_03d93bafb2ae535989c49881f2f361cd
Size: 291KB
Sample: 250121-mb8kpayldv
MD5: 03d93bafb2ae535989c49881f2f361cd
SHA1: fd450baf1b8f85002ec131dbc751a202ed4b21a5
SHA256: b9f7e35be38d618a7612fdca540a8a76eae5e73ea9d8d17c94e40fbbaf9e04d6
SHA512: 0eedff9738ed815c12c2319406b8b65c1ed7843bf466110334357de425f44c0c956ba6c268ba59ca39162ae50949e2c2b2fb3c14ce1c4574daa4893a45c624f0
SSDEEP: 6144:zrQ6N34L+7BUXxRTBBZdxPdY62ernqcSF54URZa9MVGVvxNOYIQ:zrQ+4La+XvdB3xPdYujqx5jZa+ovnOYJ
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_03d93bafb2ae535989c49881f2f361cd.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_03d93bafb2ae535989c49881f2f361cd.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_03d93bafb2ae535989c49881f2f361cd
Score: 10/10
Signatures
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops file in System32 directory
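The behavioural signatures above (locale lookup, Uninstall-key enumeration, Run-key persistence, a file dropped into System32 and then executed or loaded) can be turned into a simple correlation rule over host telemetry. The script below is an added illustration, not the sandbox's signature engine or any code from the sample's report: the event schema, the registry value used for the location check (`HKCU\Control Panel\International\Geo\Nation`), the drop path and the sample events are all constructed assumptions. It counts how many of the report's behaviours a single process exhibits and flags processes that cross a threshold, so that a lone locale read by a benign process is not enough on its own.

```python
import re

# Constructed Sysmon-style host telemetry for illustration only (not from the report).
# Field names (pid, parent_pid, image, event, target) are an assumed schema.
SAMPLE = r"C:\Users\user\Desktop\JaffaCakes118_03d93bafb2ae535989c49881f2f361cd.exe"
DROPPED = r"C:\Windows\System32\dropped.exe"   # assumed drop path; the report gives none
SAMPLE_EVENTS = [
    {"pid": 1234, "image": SAMPLE, "event": "RegistryQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1234, "image": SAMPLE, "event": "RegistryEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "image": SAMPLE, "event": "FileCreate", "target": DROPPED},
    {"pid": 1234, "image": SAMPLE, "event": "FileCreate",
     "target": r"C:\Windows\System32\dropped.dll"},
    {"pid": 1234, "image": SAMPLE, "event": "ImageLoad",
     "target": r"C:\Windows\System32\dropped.dll"},
    {"pid": 1234, "image": SAMPLE, "event": "RegistryValueSet",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 5678, "parent_pid": 1234, "image": DROPPED, "event": "ProcessCreate"},
    # Benign noise: explorer reading the same locale value must not be flagged alone.
    {"pid": 999, "image": r"C:\Windows\explorer.exe", "event": "RegistryQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
]

# Report signature name -> (event kinds it applies to, pattern on the registry/file target).
# Registry paths are assumptions about where each behaviour shows up in telemetry.
RULES = {
    "Checks computer location settings": (
        {"RegistryQueryValue", "RegistryOpenKey"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "Checks installed software on the system": (
        {"RegistryQueryValue", "RegistryOpenKey", "RegistryEnumKey"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    "Adds Run key to start application": (
        {"RegistryValueSet"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    "Drops file in System32 directory": (
        {"FileCreate"},
        re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
}


def match_signatures(events):
    """Return {pid: set of signature names} for every process in the event stream."""
    hits = {}      # pid -> signatures observed for that process
    dropped = {}   # pid -> lower-cased paths of files that process created
    for ev in events:
        pid, kind, target = ev["pid"], ev["event"], ev.get("target", "")
        for name, (kinds, pattern) in RULES.items():
            if kind in kinds and pattern.search(target):
                hits.setdefault(pid, set()).add(name)
        if kind == "FileCreate":
            dropped.setdefault(pid, set()).add(target.lower())
        # "Loads dropped DLL": a process maps a file it wrote itself.
        if kind == "ImageLoad" and target.lower() in dropped.get(pid, set()):
            hits.setdefault(pid, set()).add("Loads dropped DLL")
        # "Executes dropped EXE": a child's image is a file the parent wrote;
        # the behaviour is attributed to the parent that did the dropping.
        if kind == "ProcessCreate":
            parent = ev.get("parent_pid")
            if ev.get("image", "").lower() in dropped.get(parent, set()):
                hits.setdefault(parent, set()).add("Executes dropped EXE")
    return hits


def flag_processes(events, threshold=3):
    """PIDs showing at least `threshold` of the report's behaviours, sorted."""
    return sorted(pid for pid, sigs in match_signatures(events).items()
                  if len(sigs) >= threshold)


if __name__ == "__main__":
    for pid, sigs in sorted(match_signatures(SAMPLE_EVENTS).items()):
        print(pid, sorted(sigs))
    print("flagged:", flag_processes(SAMPLE_EVENTS))
```

The threshold is what keeps the rule usable: the locale and Uninstall-key reads are routine for installers and system components, so only their combination with persistence and a self-dropped payload in System32 is worth an alert. The two family signatures ("Ardamax family", "Ardamax main executable") are classification results from the sandbox, not behaviours, and have no counterpart here.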