General
-
Target
JaffaCakes118_cbce3751d9279bbd3b234cace96d988e
-
Size
1.5MB
-
Sample
250209-gcxxpaxjhz
-
MD5
cbce3751d9279bbd3b234cace96d988e
-
SHA1
5416aa8f163bbe6b07f5b340fa6d0c1057a15ac9
-
SHA256
576a29bba2fb680a9f55458b9da9afcb44625852cd885e413213ffd9ac88279e
-
SHA512
cc7506a61d07ec24c7a175c8f6417ca399ae346134eb2fce18a1a2bada1f08c84f85211fd3f0010d77ae57065e3195d84416c3ceb272fcdb4199acf51b8cc785
-
SSDEEP
24576:2wAUat/MkChkpz5RfIAjN2EBcMVh68z94iCHXOWpTpBn0OZpuJsM7/hbYv/:EUataKzRXszio8zk+Wd0OZpa9t0
Malware Config
Targets
-
-
Target
JaffaCakes118_cbce3751d9279bbd3b234cace96d988e
-
Size
1.5MB
-
MD5
cbce3751d9279bbd3b234cace96d988e
-
SHA1
5416aa8f163bbe6b07f5b340fa6d0c1057a15ac9
-
SHA256
576a29bba2fb680a9f55458b9da9afcb44625852cd885e413213ffd9ac88279e
-
SHA512
cc7506a61d07ec24c7a175c8f6417ca399ae346134eb2fce18a1a2bada1f08c84f85211fd3f0010d77ae57065e3195d84416c3ceb272fcdb4199acf51b8cc785
-
SSDEEP
24576:2wAUat/MkChkpz5RfIAjN2EBcMVh68z94iCHXOWpTpBn0OZpuJsM7/hbYv/:EUataKzRXszio8zk+Wd0OZpa9t0
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1