General
-
Target
JaffaCakes118_380ae6ae87aa0afb28a39016b5516757
-
Size
2.2MB
-
Sample
250126-wzl62aznbn
-
MD5
380ae6ae87aa0afb28a39016b5516757
-
SHA1
b85c0ac2958fc6c9e5411d16aca6d5c1be47cbcb
-
SHA256
aebfa75d535251557da308e4f414c42abccba893844363e54b60aa3d235e72d8
-
SHA512
b0297fa543682e552666458d6e5776ad98fcd8a5754f9a4b615939bd0f36543626c2b8051166012348dc814c57d2bb971ec7d13ea0a7e594fc8f289077dba786
-
SSDEEP
49152:oXTYCbQht9tgfeZhXXGeZgwdoBtaMVLXTYCbQht9tgfeZhXXGeZgwdoBtaMV:HCUht9tgGZhXXjZiBtzgCUht9tgGZhXO
Malware Config
Targets
-
-
Target
JaffaCakes118_380ae6ae87aa0afb28a39016b5516757
-
Size
2.2MB
-
MD5
380ae6ae87aa0afb28a39016b5516757
-
SHA1
b85c0ac2958fc6c9e5411d16aca6d5c1be47cbcb
-
SHA256
aebfa75d535251557da308e4f414c42abccba893844363e54b60aa3d235e72d8
-
SHA512
b0297fa543682e552666458d6e5776ad98fcd8a5754f9a4b615939bd0f36543626c2b8051166012348dc814c57d2bb971ec7d13ea0a7e594fc8f289077dba786
-
SSDEEP
49152:oXTYCbQht9tgfeZhXXGeZgwdoBtaMVLXTYCbQht9tgfeZhXXGeZgwdoBtaMV:HCUht9tgGZhXXjZiBtzgCUht9tgGZhXO
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-