General
-
Target
JaffaCakes118_bb47034dbb2f2b6b2ce63208ff3b6d91
-
Size
502KB
-
Sample
250417-1ll2bss1dv
-
MD5
bb47034dbb2f2b6b2ce63208ff3b6d91
-
SHA1
45b8f22b88e004a39621a1db3a323a4a18e0d3ac
-
SHA256
22816c05f7641b764cbaca69a21602bcbd0e6ad8b57b2f3bb59d771f3b4221ea
-
SHA512
80fe81737424e2fc0542ab12f4b2992b8242ba10925dff9bf74914211426557e8a4a298e70babd3425ca26af20dd60d383bcf8ddba97a6173a2395c44355a7f9
-
SSDEEP
12288:l6+RUTV5nolfFgD7V/QdvHmH+Qfoaur41TJDt3iCH/Vq4n9T:+TV5neFKhYdElfoauctjH/0mJ
Malware Config
Targets
-
-
Target
JaffaCakes118_bb47034dbb2f2b6b2ce63208ff3b6d91
-
Size
502KB
-
MD5
bb47034dbb2f2b6b2ce63208ff3b6d91
-
SHA1
45b8f22b88e004a39621a1db3a323a4a18e0d3ac
-
SHA256
22816c05f7641b764cbaca69a21602bcbd0e6ad8b57b2f3bb59d771f3b4221ea
-
SHA512
80fe81737424e2fc0542ab12f4b2992b8242ba10925dff9bf74914211426557e8a4a298e70babd3425ca26af20dd60d383bcf8ddba97a6173a2395c44355a7f9
-
SSDEEP
12288:l6+RUTV5nolfFgD7V/QdvHmH+Qfoaur41TJDt3iCH/Vq4n9T:+TV5neFKhYdElfoauctjH/0mJ
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-