General
-
Target
JaffaCakes118_2151b3962417697f7ff01b06e87df2e8
-
Size
480KB
-
Sample
250124-pfppgsxqez
-
MD5
2151b3962417697f7ff01b06e87df2e8
-
SHA1
22953f41c93a4a870eca23da2468ddd128627190
-
SHA256
da59ea3410c527d88a366d6d96b77d1b813ea65379bf94338acef968659f76a3
-
SHA512
7e73bd425a6333c68b012ba5a59bc9f15aecfd9c0dd76e17e136c55082e8dcaff5aa7932ad8b8610fcff0897362bfe2785acd921a035e4e6a507583964d5e23b
-
SSDEEP
12288:rsuemPZSaSUkQmIWtXE4Cwj9RKp2TvgyB/HzyaxkrzPCW0PYkbm7ybL1RL:6mPZbVWtntRKpg7fzyaiLCWp7yb3L
Malware Config
Targets
-
-
Target
JaffaCakes118_2151b3962417697f7ff01b06e87df2e8
-
Size
480KB
-
MD5
2151b3962417697f7ff01b06e87df2e8
-
SHA1
22953f41c93a4a870eca23da2468ddd128627190
-
SHA256
da59ea3410c527d88a366d6d96b77d1b813ea65379bf94338acef968659f76a3
-
SHA512
7e73bd425a6333c68b012ba5a59bc9f15aecfd9c0dd76e17e136c55082e8dcaff5aa7932ad8b8610fcff0897362bfe2785acd921a035e4e6a507583964d5e23b
-
SSDEEP
12288:rsuemPZSaSUkQmIWtXE4Cwj9RKp2TvgyB/HzyaxkrzPCW0PYkbm7ybL1RL:6mPZbVWtntRKpg7fzyaiLCWp7yb3L
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-