General
-
Target
JaffaCakes118_4999961435b374f78f2cbfc0af8c904c
-
Size
479KB
-
Sample
250128-lzt7javphl
-
MD5
4999961435b374f78f2cbfc0af8c904c
-
SHA1
629481abd44362a809f2837537dbe442636f4d06
-
SHA256
863c4630925985c50f7bd74afb23e284f4aebb8f6352074afdc40f303d53aa48
-
SHA512
1f06230f6ed818f1d5ca0446c72bdfd151aa403ebdecd6f07fd8305b1b59a6ed242f1275db2d4293b34c18c54083d4bfb2a16a2040c34ae5605b69475380bc25
-
SSDEEP
12288:B4PPhNaXuC9hmfVy7ffJI25lqOhBg32Jbfxbirn37U:yPfCrmty7fJhlqOhC2irn37U
Malware Config
Targets
-
-
Target
JaffaCakes118_4999961435b374f78f2cbfc0af8c904c
-
Size
479KB
-
MD5
4999961435b374f78f2cbfc0af8c904c
-
SHA1
629481abd44362a809f2837537dbe442636f4d06
-
SHA256
863c4630925985c50f7bd74afb23e284f4aebb8f6352074afdc40f303d53aa48
-
SHA512
1f06230f6ed818f1d5ca0446c72bdfd151aa403ebdecd6f07fd8305b1b59a6ed242f1275db2d4293b34c18c54083d4bfb2a16a2040c34ae5605b69475380bc25
-
SSDEEP
12288:B4PPhNaXuC9hmfVy7ffJI25lqOhBg32Jbfxbirn37U:yPfCrmty7fJhlqOhC2irn37U
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-