General
-
Target
JaffaCakes118_76f971091525783754d495ad80b47b99
-
Size
4.0MB
-
Sample
250202-adl39awnew
-
MD5
76f971091525783754d495ad80b47b99
-
SHA1
25c14623d50c6178ba5d4db1c42f175ff3d9a987
-
SHA256
51e6aebe4c253fb39aae33880847c92ae69487739e78152006a0fb840cacccb0
-
SHA512
d2cb366b8376eb7288d8641cda7fc5977d4afe18066d6bc44d157a5c18ef02efaf25b271b3ae2123cf4fc65df65101d3bc2c416713b85d512f9cb8589eeebfe4
-
SSDEEP
98304:+WEw8dY6/gjhZi/sgxYSZ4JLCYbXGl8cVtnOfe/hFs:Ww8i6oIxxJZMXs8cvO8+
Malware Config
Targets
-
-
Target
AMOR.pdf
-
Size
5KB
-
MD5
c592dc81e8266380851ba4b32a8a8aa5
-
SHA1
ef5fc0a7ae98d26121b84561b3b7597450f102d0
-
SHA256
13f18cf6ced37ab7b9056b66b066ba3b1abb2ec2aa0cdda92d81089d7c39310b
-
SHA512
d0f77a2d53240d20708695ce8740668dbc45a55114d2077526e6e638f1b09560379231029084f5f3f5c07f4f62925b8808907c779442326d3a78441e0d20295f
-
SSDEEP
96:qlTOMp66EdSKvt9boiWLETfl+aet90lKkjwnVEtzasJ4d7TP:eOfL4gxoiWW4fti8kknONW
Score3/10 -
-
-
Target
guia del AMORRRRRRRR.exe
-
Size
4.3MB
-
MD5
d876fdc6818190fc7ecc1e849cb6b3c0
-
SHA1
ca964ab6263ef213b0e865dd4a30b31776e78744
-
SHA256
e423ed04c23696b1463447e89aa2b8084aea4746dd5e039f4a8218f59675f7c6
-
SHA512
80cba59de560e1168e31a0e053b99c53aee9afd841284bf0717426df773f7ff59de3b0454da74e528f3751c798ba5f01c5e91875c133f41261fb1c47e6ca29dc
-
SSDEEP
98304:F1dl23qOyYd6oHKzh9CNs8142z6VVegllWP2QN/rK5OfpFE:myYYoqUH1/zCvG2QtW8+
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-