General
-
Target
JaffaCakes118_bd214a57c87f89ce4fed7ccea2b2fdba
-
Size
468KB
-
Sample
250418-jbremayqx3
-
MD5
bd214a57c87f89ce4fed7ccea2b2fdba
-
SHA1
bac92fda8b52a577fee06311a055ead9863cf0b7
-
SHA256
d6b9780a8157ac26d2077ab2c0dc6023636cc3adb5e7beb60feb7704273be965
-
SHA512
186d2a1ae5fd053abd3bc85db68969d4a85255731822865a8e3de3fb60dcf72672e0727410db7f3754e469bf28fcd9778ce8149a11da470278c3457e863c8007
-
SSDEEP
12288:xJw3phAQmsiXLdkQTgVO+gpbKPB6qjdvcyPqTUsTFcq:0Z5md2QtU6cWmiWq
Malware Config
Targets
-
-
Target
JaffaCakes118_bd214a57c87f89ce4fed7ccea2b2fdba
-
Size
468KB
-
MD5
bd214a57c87f89ce4fed7ccea2b2fdba
-
SHA1
bac92fda8b52a577fee06311a055ead9863cf0b7
-
SHA256
d6b9780a8157ac26d2077ab2c0dc6023636cc3adb5e7beb60feb7704273be965
-
SHA512
186d2a1ae5fd053abd3bc85db68969d4a85255731822865a8e3de3fb60dcf72672e0727410db7f3754e469bf28fcd9778ce8149a11da470278c3457e863c8007
-
SSDEEP
12288:xJw3phAQmsiXLdkQTgVO+gpbKPB6qjdvcyPqTUsTFcq:0Z5md2QtU6cWmiWq
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-