General
-
Target
JaffaCakes118_6609e9e6b2400c5c12e4b7ca1131f8c0
-
Size
168KB
-
Sample
250130-ymyqeasrhr
-
MD5
6609e9e6b2400c5c12e4b7ca1131f8c0
-
SHA1
f7a8ff4d5b9642572ed1113fcbab4a68d45e05f2
-
SHA256
c56ad6b5358fde733c12853fd16ec61b206ebb985085e0a403439477fa351213
-
SHA512
21122de7d695d323d4f099268aa6846579b999d8e6683a107a94b0972839e3adc4cc7b404b379d548fdaaa47871c02d156e6921268f5edd164faac5f2d36eb4b
-
SSDEEP
3072:GCNmpyGcdbqFQqkJv9K3qq0pjFf7GGh/gBGYU+yhFA1bxcYh5x3fTNkaRSNUurNj:TmpyGEqFZeCUJFTbKnUTi11cYdPOhNnJ
Malware Config
Targets
-
-
Target
JaffaCakes118_6609e9e6b2400c5c12e4b7ca1131f8c0
-
Size
168KB
-
MD5
6609e9e6b2400c5c12e4b7ca1131f8c0
-
SHA1
f7a8ff4d5b9642572ed1113fcbab4a68d45e05f2
-
SHA256
c56ad6b5358fde733c12853fd16ec61b206ebb985085e0a403439477fa351213
-
SHA512
21122de7d695d323d4f099268aa6846579b999d8e6683a107a94b0972839e3adc4cc7b404b379d548fdaaa47871c02d156e6921268f5edd164faac5f2d36eb4b
-
SSDEEP
3072:GCNmpyGcdbqFQqkJv9K3qq0pjFf7GGh/gBGYU+yhFA1bxcYh5x3fTNkaRSNUurNj:TmpyGEqFZeCUJFTbKnUTi11cYdPOhNnJ
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-