General
Target: JaffaCakes118_b27297bd78eec4ec49c1139e7caa8890
Size: 584KB
Sample: 250207-dy4etaxjfy
MD5: b27297bd78eec4ec49c1139e7caa8890
SHA1: d6975dd54693b8eb64788d571fbf4116d7bc171b
SHA256: ea11fe7dbfbaa27f6bc41472b7b68dd907ee917e69dad8a08cfa391b7a529774
SHA512: c97021a7ccc94314f67b7a973370399bf3f37c8e5e431c3ed23895fbb7ee81babcf2600dd4b7070e6940ea37dcc0ea2ac1dc86e4854d39189ccb1f9b8e831d04
SSDEEP: 12288:ElV/HpvJ3xqUgIVsFfN+kM5Qdu43qMa+zi0fgdIuIPEkgvt:E/HpvqsEZur3+zZYC38xt
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_b27297bd78eec4ec49c1139e7caa8890.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: JaffaCakes118_b27297bd78eec4ec49c1139e7caa8890.exe
Resource: win10v2004-20250129-en
Malware Config
Targets
Target
JaffaCakes118_b27297bd78eec4ec49c1139e7caa8890
Score: 10/10
Ardamax family
Ardamax main executable
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory