General
-
Target
JaffaCakes118_74349d20639482a469c4713dba5d28b0
-
Size
286KB
-
Sample
250201-v17zfssmgy
-
MD5
74349d20639482a469c4713dba5d28b0
-
SHA1
7cc5e647825582b960cf66f3ed3a1a96ccbc8636
-
SHA256
afea8ec1ca24507f4dceaac127a154cbc3532a4cb54c731ca2aa96a77a95a2cd
-
SHA512
cf159e39394140e7c29ad35244fe4841ebb9cac66fb8c25a33a19375db4b970f7714e84731f35933ae04f47058b9aad3d9c0873b0042343c81aafd0ae9fcc2ac
-
SSDEEP
6144:pBvkw4O7I+Ke8wVqBrxw0o612rLAsmwTjeJHk+yhopH99:3vhbI+Ke8lx46gQstIZ2GHf
Malware Config
Targets
-
-
Target
JaffaCakes118_74349d20639482a469c4713dba5d28b0
-
Size
286KB
-
MD5
74349d20639482a469c4713dba5d28b0
-
SHA1
7cc5e647825582b960cf66f3ed3a1a96ccbc8636
-
SHA256
afea8ec1ca24507f4dceaac127a154cbc3532a4cb54c731ca2aa96a77a95a2cd
-
SHA512
cf159e39394140e7c29ad35244fe4841ebb9cac66fb8c25a33a19375db4b970f7714e84731f35933ae04f47058b9aad3d9c0873b0042343c81aafd0ae9fcc2ac
-
SSDEEP
6144:pBvkw4O7I+Ke8wVqBrxw0o612rLAsmwTjeJHk+yhopH99:3vhbI+Ke8lx46gQstIZ2GHf
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-