General
-
Target
61c7407f12837bb4ea4c2de526f7364d_JaffaCakes118
-
Size
1.2MB
-
Sample
240721-23j4qssajr
-
MD5
61c7407f12837bb4ea4c2de526f7364d
-
SHA1
59a0a43e43c9d9e814b03ef5a0126577dccb8dbd
-
SHA256
4f0d2ffbc946083e38333012faa1132ff7f2479760819a1d5a05bd80777e50fc
-
SHA512
838bf7bfa17e5125980d067724330cb73aae41ed07bc46ca107898daa7e1ecbc18b2d5d51f2de412a765068c07ccee138d37785634cf0e478ae863f18cbf4caf
-
SSDEEP
24576:oU4oT7xcVaXEc/GbylnRj9n6b26FIufDR1cXY3Vw6fASyWV5onrqMLhvV5Ncc0Wz:oULTOSnMylh96b2cIsR6YFzfANWuhruk
Static task
static1
Behavioral task
behavioral1
Sample
61c7407f12837bb4ea4c2de526f7364d_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
61c7407f12837bb4ea4c2de526f7364d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
61c7407f12837bb4ea4c2de526f7364d_JaffaCakes118
-
Size
1.2MB
-
MD5
61c7407f12837bb4ea4c2de526f7364d
-
SHA1
59a0a43e43c9d9e814b03ef5a0126577dccb8dbd
-
SHA256
4f0d2ffbc946083e38333012faa1132ff7f2479760819a1d5a05bd80777e50fc
-
SHA512
838bf7bfa17e5125980d067724330cb73aae41ed07bc46ca107898daa7e1ecbc18b2d5d51f2de412a765068c07ccee138d37785634cf0e478ae863f18cbf4caf
-
SSDEEP
24576:oU4oT7xcVaXEc/GbylnRj9n6b26FIufDR1cXY3Vw6fASyWV5onrqMLhvV5Ncc0Wz:oULTOSnMylh96b2cIsR6YFzfANWuhruk
Score10/10-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-