General
-
Target
JaffaCakes118_b7accc8156cd14696a6dc68f6bed14b1
-
Size
1.3MB
-
Sample
250414-n7ne3ax1dw
-
MD5
b7accc8156cd14696a6dc68f6bed14b1
-
SHA1
81214bddc3a2698a1d928082ea909795cba614f6
-
SHA256
95d350a65ba24015a4670d1de663d8d96cbb2ae5645c37f969ebd6bfc7e74ae9
-
SHA512
0983e19dbfc09a2b2dc046e6556935a7deaaaff1b48a534c20b0c65e1fe01ea02cad693f89738db42c3b9866a3e5115eec953c719797e242a9ef65a4549a4239
-
SSDEEP
24576:Mwl0LNbsgyk+x64Ehekzb/OvAyrx4KNR/vQFQh1OMYozV8aQb/tm75gH6:MwliPj4EheoOj/vQFQ7YoB8JFm9ga
Malware Config
Targets
-
-
Target
JaffaCakes118_b7accc8156cd14696a6dc68f6bed14b1
-
Size
1.3MB
-
MD5
b7accc8156cd14696a6dc68f6bed14b1
-
SHA1
81214bddc3a2698a1d928082ea909795cba614f6
-
SHA256
95d350a65ba24015a4670d1de663d8d96cbb2ae5645c37f969ebd6bfc7e74ae9
-
SHA512
0983e19dbfc09a2b2dc046e6556935a7deaaaff1b48a534c20b0c65e1fe01ea02cad693f89738db42c3b9866a3e5115eec953c719797e242a9ef65a4549a4239
-
SSDEEP
24576:Mwl0LNbsgyk+x64Ehekzb/OvAyrx4KNR/vQFQh1OMYozV8aQb/tm75gH6:MwliPj4EheoOj/vQFQ7YoB8JFm9ga
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-