General
-
Target
JaffaCakes118_bc8aa639cb791cde737b522d799bef07
-
Size
1.1MB
-
Sample
250418-esw9zsstaz
-
MD5
bc8aa639cb791cde737b522d799bef07
-
SHA1
b84951897061b480b8cb201507abbe039c2b42bf
-
SHA256
5539d7c79aeb186125e5ea0b0be0d0a2b22d10db19bc83b2438faaff24c8e1d7
-
SHA512
3e2cd017c54083b2d576f0125841dd3ec640d7feb1020af9413f8f6802a8eb43e3c96e709d1727a5c39fca422f9e43c9448bc8c6965c1d84538c6ae61b4bf67a
-
SSDEEP
24576:MNFh9lEwXFenly32AHHlY6P1tA+AZh6LGGLM52bWal:CP9lEwXIlrAHFY6PD9AZCJLMcbB
Malware Config
Targets
-
-
Target
JaffaCakes118_bc8aa639cb791cde737b522d799bef07
-
Size
1.1MB
-
MD5
bc8aa639cb791cde737b522d799bef07
-
SHA1
b84951897061b480b8cb201507abbe039c2b42bf
-
SHA256
5539d7c79aeb186125e5ea0b0be0d0a2b22d10db19bc83b2438faaff24c8e1d7
-
SHA512
3e2cd017c54083b2d576f0125841dd3ec640d7feb1020af9413f8f6802a8eb43e3c96e709d1727a5c39fca422f9e43c9448bc8c6965c1d84538c6ae61b4bf67a
-
SSDEEP
24576:MNFh9lEwXFenly32AHHlY6P1tA+AZh6LGGLM52bWal:CP9lEwXIlrAHFY6PD9AZCJLMcbB
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-