Extracted

• • Target

    JaffaCakes118_9c3d3d6ad9a1e7d802dc03814319ae90

  • Size

    348KB

  • MD5

    9c3d3d6ad9a1e7d802dc03814319ae90

  • SHA1

    be0ad25b7dede749ce775edad30da9d77e7b76df

  • SHA256

    55aa044670903b5c75af9f7c4c6fd9f0aa28e8df793f5e38a839f4a1b472f7dc

  • SHA512

    d6ba7ab874bf1fae4d9357a024a42c2e71729d4e3e74e6b1960ca28e6423ac6992d7fb4d254f600cfac69defa51ebea504e8e5fdd17f3e6e3cac2145e596b689

  • SSDEEP

    6144:mZuuObR8sVImcyY5iU+wDciLGIwdajYVtlexWzBKsWY8Z8gMc7JF:tV+mzFgDckwdajYVt4WtBWYc8gH

  Score

  10^/10

  ardamaxdiscoverykeyloggerpersistencestealer

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax

  • Ardamax family

    ardamax

  • Ardamax main executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2