General
-
Target
JaffaCakes118_b8c800c5a22fbeeb183eecb3b5759470
-
Size
180KB
-
Sample
250207-tb8n1sxlby
-
MD5
b8c800c5a22fbeeb183eecb3b5759470
-
SHA1
7eae8e51e36841240c390846c9c1b06df00b6c81
-
SHA256
8e6d2164679243b757ed0a1610e399db7b5b24bcba098926e67f3a49c51fcde7
-
SHA512
c5f138c64f49f1af9349abd36e2d8076c68e6dd92001606d3deec4446dbfea2863bd3418552e931b3b86d7436a428d33650131b7378776f2418f7ed016b94cbb
-
SSDEEP
3072:6Oi3d9hdevZs0QQRGxXBI064TOadCj7XP3tLvsAeqv9hwO5V:grMExixDXXFLkAFhh5V
Malware Config
Targets
-
-
Target
JaffaCakes118_b8c800c5a22fbeeb183eecb3b5759470
-
Size
180KB
-
MD5
b8c800c5a22fbeeb183eecb3b5759470
-
SHA1
7eae8e51e36841240c390846c9c1b06df00b6c81
-
SHA256
8e6d2164679243b757ed0a1610e399db7b5b24bcba098926e67f3a49c51fcde7
-
SHA512
c5f138c64f49f1af9349abd36e2d8076c68e6dd92001606d3deec4446dbfea2863bd3418552e931b3b86d7436a428d33650131b7378776f2418f7ed016b94cbb
-
SSDEEP
3072:6Oi3d9hdevZs0QQRGxXBI064TOadCj7XP3tLvsAeqv9hwO5V:grMExixDXXFLkAFhh5V
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-