General
-
Target
JaffaCakes118_d15d18d3ae0906489e9d48f39f9df525
-
Size
479KB
-
Sample
250209-t3xqtswpgj
-
MD5
d15d18d3ae0906489e9d48f39f9df525
-
SHA1
eac75bde087e6fd7e48564f569f6c11f2bd00ea6
-
SHA256
ae2302d69f0235e8a74a12f322302b452d6bc86da16d8de1b1fe09db6ae0b882
-
SHA512
ea7c00ccc821497de23ee365b7199b24b5c6d188d292cdad04e7dc5cb4ae52f4b114310d12c10fdfa055f52adade2576be494c97af9edc8266dc35406533eadb
-
SSDEEP
12288:mSJOb6VFWSw98sV5M5GdYnDOfAgjMgS8PxqDyyoavcw:gMFtq1+OfAaLxDy/cw
Malware Config
Targets
-
-
Target
JaffaCakes118_d15d18d3ae0906489e9d48f39f9df525
-
Size
479KB
-
MD5
d15d18d3ae0906489e9d48f39f9df525
-
SHA1
eac75bde087e6fd7e48564f569f6c11f2bd00ea6
-
SHA256
ae2302d69f0235e8a74a12f322302b452d6bc86da16d8de1b1fe09db6ae0b882
-
SHA512
ea7c00ccc821497de23ee365b7199b24b5c6d188d292cdad04e7dc5cb4ae52f4b114310d12c10fdfa055f52adade2576be494c97af9edc8266dc35406533eadb
-
SSDEEP
12288:mSJOb6VFWSw98sV5M5GdYnDOfAgjMgS8PxqDyyoavcw:gMFtq1+OfAaLxDy/cw
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1