General
-
Target
JaffaCakes118_bffbf7a432940e458e618cb570971011
-
Size
665KB
-
Sample
250418-16sdvazlz4
-
MD5
bffbf7a432940e458e618cb570971011
-
SHA1
233b6c53ffb71f65f0880245716cc3f76c2038b6
-
SHA256
874b577ab8a32646b15b0f8eed66d50d22469fb58e25fd3c247500b2ffaf2605
-
SHA512
3b06f4998dc571ff68d06c625d5e1b9008afa1a6c659edc1ee19e3a6c6de3fbcfcb92f7642086771d8f6d6cd2599b2f9e18a0a5870d80451d1f0d553d7552b2c
-
SSDEEP
12288:FrhkJ65Km6H5dM9W54C6GfxUysPMrx93DY8x/gpcAVwoiDHfmlgzqtkku8pXfIH:FhkJo6HgA5r6OxUys0F9hx/rYD+fmNPC
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_bffbf7a432940e458e618cb570971011.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
JaffaCakes118_bffbf7a432940e458e618cb570971011.exe
Resource
win11-20250410-en
Malware Config
Targets
-
Target
JaffaCakes118_bffbf7a432940e458e618cb570971011
-
Score
10/10
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-