General
-
Target
JaffaCakes118_a8c67e17555024b5078654d5d0934870
-
Size
144KB
-
Sample
250206-jgvn8sxrbw
-
MD5
a8c67e17555024b5078654d5d0934870
-
SHA1
9d0b9d27d4d769de39f8b7d33ec673c47acf6e1f
-
SHA256
f857bc2e2fd39914c427a09f2bf07ac63161658bf9bf79ac8c39be0d9e6c6893
-
SHA512
a18bf95b1e3fe5e221fae2167d53c1d6fffacece77ff3ed87e2532ccadd5484883d3f86a40b4d65c8d1f8346f01912deb0f92e647289e47d0acba76033cd7633
-
SSDEEP
3072:2OHHIzZHvV/N7Ygmz7AvzvWaw6Jin6BrwcejqSGWVtS+H4sg4VwwXv:pU9/NUnAvzvWawRurgqSza3CnXv
Malware Config
Targets
-
-
Target
JaffaCakes118_a8c67e17555024b5078654d5d0934870
-
Size
144KB
-
MD5
a8c67e17555024b5078654d5d0934870
-
SHA1
9d0b9d27d4d769de39f8b7d33ec673c47acf6e1f
-
SHA256
f857bc2e2fd39914c427a09f2bf07ac63161658bf9bf79ac8c39be0d9e6c6893
-
SHA512
a18bf95b1e3fe5e221fae2167d53c1d6fffacece77ff3ed87e2532ccadd5484883d3f86a40b4d65c8d1f8346f01912deb0f92e647289e47d0acba76033cd7633
-
SSDEEP
3072:2OHHIzZHvV/N7Ygmz7AvzvWaw6Jin6BrwcejqSGWVtS+H4sg4VwwXv:pU9/NUnAvzvWawRurgqSza3CnXv
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-