General
-
Target
JaffaCakes118_a9f6481e454517fd982fc51843473cb4
-
Size
712KB
-
Sample
250206-l3537stlhn
-
MD5
a9f6481e454517fd982fc51843473cb4
-
SHA1
f1b642582c615320a24e10dec4160f12fe1d4d70
-
SHA256
bd2532fc27e7c8aa90bc5cc693041dffc41b7078092b31a145272058e7350df8
-
SHA512
6edbf7df1eacc3a6b1fb42e33c318a03c2e5ae77a3d2f15b18b8fcf5d49d964bf71e163bbdcb198c0bc64f1a647e5632c6e2f2f483073bf85d192c769fcbc5ad
-
SSDEEP
12288:siIgApCqWjW9l7RpOAaTqVxHjh+fLSQFA470w56kbPBim2Qb+yZgcJTZyP2R8Fxk:kYVYRlyqVJh+fFA4IW6Mphb7gQoo64
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_a9f6481e454517fd982fc51843473cb4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_a9f6481e454517fd982fc51843473cb4.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
JaffaCakes118_a9f6481e454517fd982fc51843473cb4
-
Score
10/10
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-