General
Target: JaffaCakes118_457a12d73b4df05613b400d4c147732c
Size: 1.4MB
Sample: 250128-bv61essrfj
MD5: 457a12d73b4df05613b400d4c147732c
SHA1: f3e9e107993eb72cac5f444e21b368059239d844
SHA256: fd1e2cdc0f3572ce57d22cc6983b45723050b3b28e4cf2a7cfc566fe910386bd
SHA512: ae25f9500382d07c23310088fdf434a79c0d0a33a3e16762b846a1c5fc5d6bfe75cb858cc9af4bfbba67a259a01f2cee0d4090a995d2d652a19e721dbe8874b7
SSDEEP: 24576:N0NzTRglcnSeizw2d4doLXoSXgLemsO8dhq8wwQTr1otchcNwYwbhdL:N0pTRgCnSeiUdXuFXhq5wQtot6v
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_457a12d73b4df05613b400d4c147732c.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_457a12d73b4df05613b400d4c147732c.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: JaffaCakes118_457a12d73b4df05613b400d4c147732c
- Ardamax family
- Ardamax main executable
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory