General
-
Target
JaffaCakes118_bfd25b58d303297ce9ac9555237ff9d8
-
Size
592KB
-
Sample
250418-z865cavzbz
-
MD5
bfd25b58d303297ce9ac9555237ff9d8
-
SHA1
8887bfc2f3ef6d784c9f5dcbc0d6b727fbdd598b
-
SHA256
2330091e635e5ca594f0db56d3c2d842b0e3da5cf109533c2a97f1c160a02f98
-
SHA512
d904de791f8a909551594eda66b544910de5c80ba5bf5d5e2b9febcc4ef6c725cb64e6ee877b0b34bd1ec08c6b08130fefa2f733e45a2225054f2d1254792dfd
-
SSDEEP
12288:55t2N/7PTkESWw5nJzAPNuNdIT8YG6CltCGo1iPTvZ/CFlWMRSRLH:d2JaMYYG63Go16TvZ1MRc
Malware Config
Targets
-
-
Target
JaffaCakes118_bfd25b58d303297ce9ac9555237ff9d8
-
Size
592KB
-
MD5
bfd25b58d303297ce9ac9555237ff9d8
-
SHA1
8887bfc2f3ef6d784c9f5dcbc0d6b727fbdd598b
-
SHA256
2330091e635e5ca594f0db56d3c2d842b0e3da5cf109533c2a97f1c160a02f98
-
SHA512
d904de791f8a909551594eda66b544910de5c80ba5bf5d5e2b9febcc4ef6c725cb64e6ee877b0b34bd1ec08c6b08130fefa2f733e45a2225054f2d1254792dfd
-
SSDEEP
12288:55t2N/7PTkESWw5nJzAPNuNdIT8YG6CltCGo1iPTvZ/CFlWMRSRLH:d2JaMYYG63Go16TvZ1MRc
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-