General
-
Target
5adf5054164aad4e498b051333cddac6_JaffaCakes118
-
Size
1.3MB
-
Sample
240719-hkpfysxdrr
-
MD5
5adf5054164aad4e498b051333cddac6
-
SHA1
b48ee1e453d4fb1a179d3d8a6a928f743693b9fa
-
SHA256
e478636ae8b59a322f86e51c501a0a2371558b7b8ce079cfb1adcfabadd7b633
-
SHA512
8492541d3e393c228d3f9b41cee8760f92eae81081f2af9baee30913b9d5db84cd3be7d34335099059cd2e4dc05291ab0643dd812c2da390d04557f1818e17fb
-
SSDEEP
24576:uiFK9PAU/h+cG3gUdZUrjWH8f3R5qiQ7P7AhNJ+9qsV3o:HF4PrhE9dZUuH8i5T7Ahn
Static task
static1
Behavioral task
behavioral1
Sample
5adf5054164aad4e498b051333cddac6_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.hi2.ro
Port: 21
Username: viteza11
Password: liverpool
Targets
-
Target
5adf5054164aad4e498b051333cddac6_JaffaCakes118
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
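The behavioural signatures above (Run-key persistence, Uninstall-key enumeration, the location check) and the extracted FTP configuration can be turned directly into hunting logic for endpoint and network telemetry. The following Python is an added example and is not part of the Triage report or of the sample; it runs over constructed Sysmon-style events embedded inline. The Run and Uninstall registry paths are the standard Windows locations; mapping "Checks computer location settings" to reads under Control Panel\International\Geo is an assumption, since the report only says a country code is read from the registry.

```python
import re
from collections import defaultdict

# Extracted config from the report: the sample's FTP exfiltration endpoint.
FTP_HOST = "ftp.hi2.ro"
FTP_PORT = 21

# Registry locations matching the report's signatures.
# Run/Uninstall are standard Windows paths; the Geo key is an assumption
# about what the "Checks computer location settings" signature reads.
REGISTRY_RULES = {
    "persistence_run_key": re.compile(
        r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)", re.I),
    "installed_software_enum": re.compile(
        r"\\software\\microsoft\\windows\\currentversion\\uninstall(\\|$)", re.I),
    "location_check": re.compile(
        r"\\control panel\\international\\geo(\\|$)", re.I),
}

# Constructed sample telemetry (not from the report). Image names other than
# the sample's own file name are invented for the example.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\5adf5054164aad4e498b051333cddac6_JaffaCakes118.exe")
DROPPED_IMAGE = r"C:\Windows\System32\dropped_sample.exe"   # constructed name

SAMPLE_EVENTS = [
    {"type": "registry", "image": SAMPLE_IMAGE,
     "target": r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"},
    {"type": "registry", "image": SAMPLE_IMAGE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"type": "registry", "image": DROPPED_IMAGE,
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "registry", "image": r"C:\Windows\explorer.exe",   # benign noise
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"type": "network", "image": DROPPED_IMAGE,
     "dst_host": "ftp.hi2.ro", "dst_port": 21},
    {"type": "network", "image": r"C:\Program Files\Browser\browser.exe",  # benign noise
     "dst_host": "example.com", "dst_port": 443},
]


def classify_registry(target_object: str):
    """Return the signature name a registry target path maps to, or None."""
    for name, pattern in REGISTRY_RULES.items():
        if pattern.search(target_object):
            return name
    return None


def is_ftp_exfil(dst_host: str, dst_port: int) -> bool:
    """True when a connection matches the extracted FTP config (host and port)."""
    return dst_host.lower() == FTP_HOST and dst_port == FTP_PORT


def triage_events(events):
    """Group events by the report signature they match: {signature: [image, ...]}."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "registry":
            sig = classify_registry(ev["target"])
            if sig:
                hits[sig].append(ev["image"])
        elif ev["type"] == "network" and is_ftp_exfil(ev["dst_host"], ev["dst_port"]):
            hits["ftp_exfil"].append(ev["image"])
    return dict(hits)


if __name__ == "__main__":
    for sig, images in triage_events(SAMPLE_EVENTS).items():
        print(f"{sig}:")
        for image in images:
            print(f"    {image}")
```

Each registry rule is anchored on the key path followed by a separator or end of string, so RunServices or similar sibling keys do not produce false hits, and the FTP match is on host plus port rather than host alone, mirroring the extracted config. In production the constructed list would be replaced by Sysmon Event ID 12/13 (registry) and Event ID 3 (network) records, and the FTP credentials in the config are a further pivot for network captures.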