General
Target: JaffaCakes118_e761527c1a074361cc726dad1e158705
Size: 959KB
Sample: 250211-r3dlvawqej
MD5: e761527c1a074361cc726dad1e158705
SHA1: 3389c536fafbeb0cca5d629241f7df021a874a2a
SHA256: 7b9567fa039b6f323fb83203b7acea86f7938175c5df914a1a2c7e2d065398ad
SHA512: 8b54c74e7109f22a03d4d66cfe0c3b344a7662a2ae548b428b6aa9d82b53740ab13af083d0def6757877de085e12f87ffb0f27a2ad704c562b480b735390384a
SSDEEP: 24576:YuigojG/8u4u+f2+yX5rauSdSg9WjqO7Zn6tjSS0:YuiZKtV+f2+yXQAg9CqgZn6t+S0

Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_e761527c1a074361cc726dad1e158705.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_e761527c1a074361cc726dad1e158705.exe
Resource: win10v2004-20250207-en
Malware Config
Targets
Signatures:
- Ardamax family
- Ardamax main executable
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)