General
Target: JaffaCakes118_31c694c056632ecb92cfbd50732269ac
Size: 1.6MB
Sample: 250126-c3fnwaymdz
MD5: 31c694c056632ecb92cfbd50732269ac
SHA1: 1e1ea136eb73c064f8a0cf1a63dd576e347674c0
SHA256: 52c2cec2c7cdcb1eb00d42119d8858b829b2995532aba6b0b294ba9e9a5f492f
SHA512: 93ec165f0d18ba2ea9e7d3b8ace95321858d95115bfde3417b5f7e55c91f944d22aa77e4c67f71a8930c0e366de437266e8dc2c0a20a606381aceae06544f1c3
SSDEEP: 24576:2IoIjIbgyLC495467SBzVZSjSVecvf062DYuVtrg4YfCq3n+J9AukFPl9kONLP/U:2M8bdLp54RzWjq3eYuuCo+sB+w3C7zow
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_31c694c056632ecb92cfbd50732269ac.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_31c694c056632ecb92cfbd50732269ac.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_31c694c056632ecb92cfbd50732269ac
Score: 10/10
Ardamax family
Ardamax main executable
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
Suspicious use of SetThreadContext