General
-
Target
JaffaCakes118_11029df7372683c19bc9d2bddf892750
-
Size
783KB
-
Sample
250221-hthd1awmfn
-
MD5
11029df7372683c19bc9d2bddf892750
-
SHA1
2e67dcda2f82946685537c308baee680cd03d542
-
SHA256
12ae7424b0d2bab81c3813fce6acfe2b8f4f04c7f73dcdadb817c773a8fd3288
-
SHA512
a0cfec94444e63d9eb26841a1c6dfee4de76022f56bf59592e76d360843141e278b48a2d89897fafacb7ded176a7523a66ed363216951684e283ba8c25fba1ad
-
SSDEEP
12288:cEfFOlD7H8cNw5+UqnLFWgME+QlnCvss1fRyJiIJIO1kKYEElSPw3IZc985:NgDwcuonL5MSkMJBIFlSuIZq85
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_11029df7372683c19bc9d2bddf892750.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_11029df7372683c19bc9d2bddf892750.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
Score
10/10
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-