General
-
Target
JaffaCakes118_5ebfb94d881fd5e168bf7143feb303be
-
Size
271KB
-
Sample
250130-ez7pasynaz
-
MD5
5ebfb94d881fd5e168bf7143feb303be
-
SHA1
f86cea341ac18c4362714fedd3063f787a5f34b4
-
SHA256
d67c71890aab3512d49afd811216d54c6b5da0795a278ac243f7f9bcc5bed67c
-
SHA512
279dbca2318c0330bbfd4a133b67ab36df7bdafe7aff3eb6475b0ad877621d245697aaad7955172f967511fe7b900fb012fb49a97104520f8d1be75f357972e6
-
SSDEEP
6144:jG68ioiUGtdRgvCkkV3dtxfPQC47zuQEvK:jW6tXV3PxN4mK
Malware Config
Targets
-
-
Target
JaffaCakes118_5ebfb94d881fd5e168bf7143feb303be
-
Size
271KB
-
MD5
5ebfb94d881fd5e168bf7143feb303be
-
SHA1
f86cea341ac18c4362714fedd3063f787a5f34b4
-
SHA256
d67c71890aab3512d49afd811216d54c6b5da0795a278ac243f7f9bcc5bed67c
-
SHA512
279dbca2318c0330bbfd4a133b67ab36df7bdafe7aff3eb6475b0ad877621d245697aaad7955172f967511fe7b900fb012fb49a97104520f8d1be75f357972e6
-
SSDEEP
6144:jG68ioiUGtdRgvCkkV3dtxfPQC47zuQEvK:jW6tXV3PxN4mK
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-