General
-
Target
JaffaCakes118_6debbf384f4edab28f4e2b5923752f62
-
Size
660KB
-
Sample
250131-zrry4awrgw
-
MD5
6debbf384f4edab28f4e2b5923752f62
-
SHA1
b89cf4c34a94df58985df00cc223a54fcad73cf5
-
SHA256
59efe58fb0511ffd66ea29e755f1fe47b56fd4971253e9b5d0af35b5705dbce7
-
SHA512
98b074098efea54c3fbe7575162a83c66b4786c286cd1133d7303b45cbe37bb48d960fbd2ca9531a872a69d8f47fe6941a4dbbc4d24c223eba4999ed46cd4214
-
SSDEEP
12288:NyOqxChg9r7ZyqcOmjCrDDbk8joYxLZECkUzRHZ0nNCfYtk2ijKNaIlkMHkDPf:NHcpUqc5WXDY8oYVZEHiINZ3iGEAkMEb
Malware Config
Targets
-
-
Target
JaffaCakes118_6debbf384f4edab28f4e2b5923752f62
-
Size
660KB
-
MD5
6debbf384f4edab28f4e2b5923752f62
-
SHA1
b89cf4c34a94df58985df00cc223a54fcad73cf5
-
SHA256
59efe58fb0511ffd66ea29e755f1fe47b56fd4971253e9b5d0af35b5705dbce7
-
SHA512
98b074098efea54c3fbe7575162a83c66b4786c286cd1133d7303b45cbe37bb48d960fbd2ca9531a872a69d8f47fe6941a4dbbc4d24c223eba4999ed46cd4214
-
SSDEEP
12288:NyOqxChg9r7ZyqcOmjCrDDbk8joYxLZECkUzRHZ0nNCfYtk2ijKNaIlkMHkDPf:NHcpUqc5WXDY8oYVZEHiINZ3iGEAkMEb
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-