General
- Target: JaffaCakes118_0df39b6680451ee6693861d3c2ceaa4f
- Size: 724KB
- Sample: 250220-y169pswkv3
- MD5: 0df39b6680451ee6693861d3c2ceaa4f
- SHA1: 14ba929dbfee8c473b8915568cd1574bed632930
- SHA256: 56aac3c96c719b13b316108ffb2eb24b5c39e2f4b669c7cad0146c0991fae19e
- SHA512: 728bb97c219183d70846a2b1086770ab68add62ef0cbf4ca870655f40a4f2d87b4c903724f1111b323e954a92a359efd88c1c5fa88285c6fab711cc2d910de90
- SSDEEP: 12288:W5Zjyq85p5fMZX9BxN7nV/OQQBVXOVv4qx9du5FZL1E4wwPM5Dp9K:8Zjyq85pmB3n4tgDdu5FZLG4m5Dp9K
Static task
- static1

Behavioral task
- behavioral1
- Sample: JaffaCakes118_0df39b6680451ee6693861d3c2ceaa4f.exe
- Resource: win7-20240729-en

Behavioral task
- behavioral2
- Sample: JaffaCakes118_0df39b6680451ee6693861d3c2ceaa4f.exe
- Resource: win10v2004-20250217-en
Malware Config
Extracted
- Protocol: ftp
- Host: milenium.50webs.com
- Port: 21
- Username: reinaldo
- Password: 8663534
Targets
- Target: JaffaCakes118_0df39b6680451ee6693861d3c2ceaa4f
Score: 10/10

Signatures
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
-