General
- Target: 5937302c5d9b998e0d80f9476a8aa7b1_JaffaCakes118
- Size: 1.1MB
- Sample: 240718-1q1ehs1emc
- MD5: 5937302c5d9b998e0d80f9476a8aa7b1
- SHA1: 5945ebfae25dd58abd8ed34d21a82ede4a14c866
- SHA256: a99e8aabcbe33fc2fda93ab6808c8f16c05a54bbedaf848182e27f4f65099bf8
- SHA512: c042ac639a607d4eb52d0788f845defca9d5e9ce1df6672c7ef688ed0bee7d38b31948262c25181920e1ceaa91d1aa23b645ef7e6769b55e7b62d5b0cbc558d2
- SSDEEP: 24576:bPlDx29PP2l+zmtzRhOXYW64IhUVbhXl1GwmxWtE8yUpmdV/8YoCj3+A18:b9D49nmhGKhSV2HAE8yUQXEYf3b18
Static task: static1
Behavioral task: behavioral1
Sample: 5937302c5d9b998e0d80f9476a8aa7b1_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.drivehq.com
- Port: 21
- Username: umer93
Targets
- Target: 5937302c5d9b998e0d80f9476a8aa7b1_JaffaCakes118
- Ardamax main executable
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext