General
-
Target
JaffaCakes118_81dbd5cd4841f853dd3737acc48858b3
-
Size
1.1MB
-
Sample
250202-28q48stmhl
-
MD5
81dbd5cd4841f853dd3737acc48858b3
-
SHA1
d576298e05b994b35ac7cd267ef4318b0f7fe5e4
-
SHA256
9dd1e7af3c86d564b13096d8ca1028bb3e7906868de4891f2576622d65be4174
-
SHA512
df85abe7715964b6df8d0bbe2ec901006174b88c16381961cf606c4f105a7cc3ca3342ce0e1ce30b01e50133be8e65a5db7cad10cecd8232991ad7a69eb04116
-
SSDEEP
24576:9BjtOaJKO6o/Xa6U1LeUrq5lG/L8JxsrarpSnSes2DzDsqv0Toyk/pN:lxgO6nhe8q5lGoPsrcSnSQDzDAIBN
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_81dbd5cd4841f853dd3737acc48858b3.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_81dbd5cd4841f853dd3737acc48858b3.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
Target
JaffaCakes118_81dbd5cd4841f853dd3737acc48858b3
-
Size
1.1MB
-
MD5
81dbd5cd4841f853dd3737acc48858b3
-
SHA1
d576298e05b994b35ac7cd267ef4318b0f7fe5e4
-
SHA256
9dd1e7af3c86d564b13096d8ca1028bb3e7906868de4891f2576622d65be4174
-
SHA512
df85abe7715964b6df8d0bbe2ec901006174b88c16381961cf606c4f105a7cc3ca3342ce0e1ce30b01e50133be8e65a5db7cad10cecd8232991ad7a69eb04116
-
SSDEEP
24576:9BjtOaJKO6o/Xa6U1LeUrq5lG/L8JxsrarpSnSes2DzDsqv0Toyk/pN:lxgO6nhe8q5lGoPsrcSnSQDzDAIBN
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
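The signatures above are one-line labels; the example below shows what each one keys on by replaying a small constructed API trace through a matcher. This is an added illustration, not the sandbox's own rule engine or anything from the Ardamax sample: the event schema (`op`, `pid`, `path`, `key`), the dropped-file names under System32, and the process IDs are invented for the demo. The registry paths are the ones these behaviours are commonly checked against; in particular, the `Control Panel\International\Geo\Nation` value is an assumption about what the "location settings" signature keys on. Only the sample hashes and file name come from the report.

```python
"""Replay the behaviours listed in this report against a constructed API trace.

Added example, not part of the sandbox report. Event schema and file names are
made up for the demo; only the sample name/hash come from the report above.
"""
import re

SAMPLE_SHA256 = "9dd1e7af3c86d564b13096d8ca1028bb3e7906868de4891f2576622d65be4174"
SAMPLE_IMAGE = r"C:\Users\user\Desktop\JaffaCakes118_81dbd5cd4841f853dd3737acc48858b3.exe"
SAMPLE_PID = 1000  # hypothetical pid for the analysed process

# Hypothetical drop locations (names invented; the report only says "System32").
DROPPED_EXE = r"C:\Windows\System32\ExampleDir\dropped.exe"
DROPPED_DLL = r"C:\Windows\System32\ExampleDir\dropped.dll"

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)  # assumed key
SYSTEM32 = "c:\\windows\\system32\\"


def match_signatures(events, sample_pid):
    """Return the set of report signature names triggered by an event trace.

    Attribution matters: an event only counts if it comes from the sample or
    from a process the sample started, and "dropped" means a file the sample
    itself wrote earlier in the trace.
    """
    hits = set()
    owned = {sample_pid}   # pids attributed to the sample
    dropped = set()        # lower-cased paths the sample wrote
    for ev in events:
        if ev["pid"] not in owned:
            continue
        op = ev["op"]
        path = ev.get("path", "").lower()
        key = ev.get("key", "")
        if op == "file_write":
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif op == "process_create":
            if path in dropped:
                hits.add("Executes dropped EXE")
                owned.add(ev["child_pid"])  # child inherits attribution
        elif op == "image_load":
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif op == "file_delete":
            # Deleting its own image or its own drops is the self-cleanup case.
            if path in dropped or path == SAMPLE_IMAGE.lower():
                hits.add("Indicator Removal: File Deletion")
        elif op == "reg_set":
            if RUN_KEY_RE.search(key):
                hits.add("Adds Run key to start application")
        elif op == "reg_query":
            if UNINSTALL_RE.search(key):
                hits.add("Checks installed software on the system")
            if GEO_RE.search(key):
                hits.add("Checks computer location settings")
    return hits


# Constructed trace: the order reproduces what the signature list implies
# (profile the host, drop, execute, persist, clean up). pid 4242 is unrelated noise.
TRACE = [
    {"op": "reg_query", "pid": SAMPLE_PID, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_query", "pid": SAMPLE_PID,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SomeProduct"},
    {"op": "file_write", "pid": SAMPLE_PID, "path": DROPPED_EXE},
    {"op": "file_write", "pid": SAMPLE_PID, "path": DROPPED_DLL},
    {"op": "process_create", "pid": SAMPLE_PID, "path": DROPPED_EXE, "child_pid": 1100},
    {"op": "image_load", "pid": 1100, "path": DROPPED_DLL},
    {"op": "reg_set", "pid": 1100, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "ExampleEntry"},
    {"op": "file_delete", "pid": 1100, "path": SAMPLE_IMAGE},
    {"op": "reg_set", "pid": 4242, "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "UnrelatedUpdater"},
]

if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE, SAMPLE_PID)):
        print(name)
```

Note that the two registry reads ("location settings" and "installed software") are not something Sysmon records, since it logs value sets and key creation but not queries; reproducing those two outside a sandbox needs an API-level trace or ETW registry events, while the Run key write, the System32 drop, the child process and the deletion all map directly onto Sysmon event IDs 13, 11, 1 and 23.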