General
-
Target
JaffaCakes118_2771470fae1152233d2136ca5a126546
-
Size
735KB
-
Sample
250125-c2k7zasnfm
-
MD5
2771470fae1152233d2136ca5a126546
-
SHA1
6b3679e4839fdf1424e7605bc3e921e3c8f9ffea
-
SHA256
5a3bc6f883a9e7b63f158bbfb8d688b8876109b47cfaffecadd4e537e5d9f76b
-
SHA512
e9294cf1b2f40d0ae97738137a3c814051f234023663ce7854cf8d41de59c8db4457271030d7564e555e954c96aa4d27b045efba06529014240fe026af46a91d
-
SSDEEP
12288:OWzjD9io+xcebpu/9z1jWDW+gu+8Px2fSIuoZsxAifoWdJqpFH947VjV:bzjD9i4OA9z163M67oZkBCFd4xV
Malware Config
Targets
-
-
Target
JaffaCakes118_2771470fae1152233d2136ca5a126546
-
Size
735KB
-
MD5
2771470fae1152233d2136ca5a126546
-
SHA1
6b3679e4839fdf1424e7605bc3e921e3c8f9ffea
-
SHA256
5a3bc6f883a9e7b63f158bbfb8d688b8876109b47cfaffecadd4e537e5d9f76b
-
SHA512
e9294cf1b2f40d0ae97738137a3c814051f234023663ce7854cf8d41de59c8db4457271030d7564e555e954c96aa4d27b045efba06529014240fe026af46a91d
-
SSDEEP
12288:OWzjD9io+xcebpu/9z1jWDW+gu+8Px2fSIuoZsxAifoWdJqpFH947VjV:bzjD9i4OA9z163M67oZkBCFd4xV
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-