General
-
Target
JaffaCakes118_47c21973fda5301450767e76749e60eb
-
Size
1.0MB
-
Sample
250128-g3zh7szqcj
-
MD5
47c21973fda5301450767e76749e60eb
-
SHA1
da8f804fe4d4408c267daffb0521b0086f2188f5
-
SHA256
7de3391da2c70b2de085a81c48fb8a06fbbfba363ca85ab8d61b06ac3ed0be73
-
SHA512
8ab74850c8ad5cc894e5ca38c88f31d771f31dfdf2f8a9e16b3547fbba76c8f4f280498dde9722de0eda21692331a60a180be2fbe2bddd17ce98bf33e4367363
-
SSDEEP
24576:Oa6eoHNIRBQzoMHhHlwEohJPTkHzWpNMzE7EU6pfk8od:OeAOGPhFHohZTkTpzEBEknd
Malware Config
Targets
-
-
Target
JaffaCakes118_47c21973fda5301450767e76749e60eb
-
Size
1.0MB
-
MD5
47c21973fda5301450767e76749e60eb
-
SHA1
da8f804fe4d4408c267daffb0521b0086f2188f5
-
SHA256
7de3391da2c70b2de085a81c48fb8a06fbbfba363ca85ab8d61b06ac3ed0be73
-
SHA512
8ab74850c8ad5cc894e5ca38c88f31d771f31dfdf2f8a9e16b3547fbba76c8f4f280498dde9722de0eda21692331a60a180be2fbe2bddd17ce98bf33e4367363
-
SSDEEP
24576:Oa6eoHNIRBQzoMHhHlwEohJPTkHzWpNMzE7EU6pfk8od:OeAOGPhFHohZTkTpzEBEknd
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-