General
-
Target
JaffaCakes118_1408c14f76c110abb37b53b139c77ea3
-
Size
1.1MB
-
Sample
250221-vptbxswnfp
-
MD5
1408c14f76c110abb37b53b139c77ea3
-
SHA1
b7c9f95ce70a209117f2931ba4f046284b61f82c
-
SHA256
49420ebe2da254a216cd6a10dfcc06b04a165bc232fe6983323505c6969d2d15
-
SHA512
f1017e9cfe15cbc0efd35e9b36db087d83d4571fa37fc8ea905a4be478427b6aee81a8dff2a8c5c8cbb2354d6dcf61cfb06f25e62f310d0287222cfea5b88ba7
-
SSDEEP
24576:VYuOkNg6QHzhkpNRSROVtObGkNwnj6Bt+BQNeFzFP:VzOyGKERXq6Bt9eFJP
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1408c14f76c110abb37b53b139c77ea3.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1408c14f76c110abb37b53b139c77ea3.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
JaffaCakes118_1408c14f76c110abb37b53b139c77ea3
-
Ardamax family
-
Ardamax main executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-