General
-
Target
JaffaCakes118_47cba29117228ef631f5c20383fa793b
-
Size
339KB
-
Sample
250128-g6basazraq
-
MD5
47cba29117228ef631f5c20383fa793b
-
SHA1
4e2141a5e4804d08c94698c081887b6d427ccdd8
-
SHA256
eac23c9cc854335ebbd754c59025fb5a5fa5751305479f777d2495c0d12b3237
-
SHA512
faa66029ae46af127143b96f87e7328df5f834d6cd5ef0013a093adec1a5c6a9b3bb28f8ca8b8c47efd69553b1ea2fc3b3d9ac1c62459a21e861c4a7d78364e6
-
SSDEEP
6144:T0cUG6u+VcfwK0VsVtJE7qSOXUk/0whhbsvv4MR9UkioI:k4gzVsVtUqSOXjMWhSgMsp
Malware Config
Targets
-
-
Target
JaffaCakes118_47cba29117228ef631f5c20383fa793b
-
Size
339KB
-
MD5
47cba29117228ef631f5c20383fa793b
-
SHA1
4e2141a5e4804d08c94698c081887b6d427ccdd8
-
SHA256
eac23c9cc854335ebbd754c59025fb5a5fa5751305479f777d2495c0d12b3237
-
SHA512
faa66029ae46af127143b96f87e7328df5f834d6cd5ef0013a093adec1a5c6a9b3bb28f8ca8b8c47efd69553b1ea2fc3b3d9ac1c62459a21e861c4a7d78364e6
-
SSDEEP
6144:T0cUG6u+VcfwK0VsVtJE7qSOXUk/0whhbsvv4MR9UkioI:k4gzVsVtUqSOXjMWhSgMsp
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-