General
-
Target
JaffaCakes118_b1bdda75292f2af0348a91d116a7009d
-
Size
4.1MB
-
Sample
250207-cfzhgavkdw
-
MD5
b1bdda75292f2af0348a91d116a7009d
-
SHA1
95aa3a27d749b6ba4991f6e47508b6df28790390
-
SHA256
e9f8b461830ec4fb8db0929b1483635487aba50fa85f110b31e22989206bf5d0
-
SHA512
2af1d8e0a65ef1442f19ca0bc23292cda9c442b0b9458d420879b219ffe631638b41994b7e05cd06439720d5278e6296a3f42dc25ae3ac149172840202462435
-
SSDEEP
98304:oBXfxVOmIzJ+PCNmiRXkEI0eIDFOxvNqonb+x/1H8QrvRJxTwy:onkmIzJMCNrOH0edZnb+p1d1XTr
Malware Config
Targets
-
-
Target
JaffaCakes118_b1bdda75292f2af0348a91d116a7009d
-
Size
4.1MB
-
MD5
b1bdda75292f2af0348a91d116a7009d
-
SHA1
95aa3a27d749b6ba4991f6e47508b6df28790390
-
SHA256
e9f8b461830ec4fb8db0929b1483635487aba50fa85f110b31e22989206bf5d0
-
SHA512
2af1d8e0a65ef1442f19ca0bc23292cda9c442b0b9458d420879b219ffe631638b41994b7e05cd06439720d5278e6296a3f42dc25ae3ac149172840202462435
-
SSDEEP
98304:oBXfxVOmIzJ+PCNmiRXkEI0eIDFOxvNqonb+x/1H8QrvRJxTwy:onkmIzJMCNrOH0edZnb+p1d1XTr
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-