General
-
Target
JaffaCakes118_174369d77153f3486c5052562ab45c17
-
Size
412KB
-
Sample
250123-pszp8aznay
-
MD5
174369d77153f3486c5052562ab45c17
-
SHA1
acdbe1e00cba24ee96136509954f5045c4cf5343
-
SHA256
c6fc65385178249668171fed48e5e181fc2d4639236accae70038f7b9e4f83bb
-
SHA512
03f80b2b115ec35df6d072ce46c4a637ff5f456d71b3fbf2bc21f23c47e4d80e29235455eca3659c65ccb22ff23c4df4819354c0d7a18836ad28f68cab742fdb
-
SSDEEP
12288:i0AfEnZcqwIt1z3rxbXXwoPhkA89WEkAPiBZCGNK4P:+QZcfgtb9woJkJ9Wl+iBZHNK4P
Malware Config
Targets
-
-
Target
JaffaCakes118_174369d77153f3486c5052562ab45c17
-
Size
412KB
-
MD5
174369d77153f3486c5052562ab45c17
-
SHA1
acdbe1e00cba24ee96136509954f5045c4cf5343
-
SHA256
c6fc65385178249668171fed48e5e181fc2d4639236accae70038f7b9e4f83bb
-
SHA512
03f80b2b115ec35df6d072ce46c4a637ff5f456d71b3fbf2bc21f23c47e4d80e29235455eca3659c65ccb22ff23c4df4819354c0d7a18836ad28f68cab742fdb
-
SSDEEP
12288:i0AfEnZcqwIt1z3rxbXXwoPhkA89WEkAPiBZCGNK4P:+QZcfgtb9woJkJ9Wl+iBZHNK4P
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-