General
-
Target
JaffaCakes118_977f4588e38ffbaa84a34a36ac76acf2
-
Size
597KB
-
Sample
250204-x871jaylgt
-
MD5
977f4588e38ffbaa84a34a36ac76acf2
-
SHA1
7f0782737605b35a6ba821828c432ececb2d0ca5
-
SHA256
e5a7736c149f680a1c6e4d85f2b02c8288a6bdffaf63ab22e56f5770eb67de60
-
SHA512
11478e8306c31ec890d7d3a6381ccc4dea78ff1c03b34485f9e781ae44997de1fcbed68f5c136c7d5675f71a3a85b1f957ba99e49ff1dd45ea9d8a55a94c5ca9
-
SSDEEP
12288:1hq/CZhbmlqkJFNb2jp+sJ3ykcDBlQnOg51Wmzov4uwNYvlRUAAJ5VZQEGSuY:HRZhbmlqkJFNYp+G7cVlgOgKmzu4ubmH
Malware Config
Targets
-
-
Target
JaffaCakes118_977f4588e38ffbaa84a34a36ac76acf2
-
Size
597KB
-
MD5
977f4588e38ffbaa84a34a36ac76acf2
-
SHA1
7f0782737605b35a6ba821828c432ececb2d0ca5
-
SHA256
e5a7736c149f680a1c6e4d85f2b02c8288a6bdffaf63ab22e56f5770eb67de60
-
SHA512
11478e8306c31ec890d7d3a6381ccc4dea78ff1c03b34485f9e781ae44997de1fcbed68f5c136c7d5675f71a3a85b1f957ba99e49ff1dd45ea9d8a55a94c5ca9
-
SSDEEP
12288:1hq/CZhbmlqkJFNb2jp+sJ3ykcDBlQnOg51Wmzov4uwNYvlRUAAJ5VZQEGSuY:HRZhbmlqkJFNYp+G7cVlgOgKmzu4ubmH
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-