General
-
Target
JaffaCakes118_a844ed72ade87ed2957a765dae856aa2
-
Size
1.1MB
-
Sample
250206-hckg2awkcx
-
MD5
a844ed72ade87ed2957a765dae856aa2
-
SHA1
a8334e732d079c0f7d5728d529d64d7fb4b78dfa
-
SHA256
22d8da021250d781fe4386fd9e4de1c0c43fbaeeea2d8aacd368ff8a2dc1767b
-
SHA512
620e3ffb3a852945650b707eb60de815ae94889a5b16dee982493261c4f5658aaf5dc2f205e6ca8c71a4ce9df419d245ddc684cd1a971a30767c09a6cbd2a292
-
SSDEEP
24576:9H0KuTbFkvL/ysB0fK3E2ql1sXL4xAH7YuJBGbxr/nIsf2GVm/:9H0RTbezyE0ffpYsWbYuJBgrnj+G8
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_a844ed72ade87ed2957a765dae856aa2.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a844ed72ade87ed2957a765dae856aa2.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_a844ed72ade87ed2957a765dae856aa2
Score
10/10
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-