General

- Target: 77c3a99c1f481952191e5be167f30652_JaffaCakes118
- Size: 1.2MB
- Sample: 240727-l1e41avgrd
- MD5: 77c3a99c1f481952191e5be167f30652
- SHA1: f1f2967b85221f4ed643dd0b717ef4d7318f01f5
- SHA256: 0cf0fb26fd8b180f820618ffefb27ee77ccafad08a1fcd8f7920e23b11dc17f3
- SHA512: 62fae59789dddcbb90bbe66a93725ef577b1eab3307cb0e3318009ffeb35586e01bb7095186393a268803bbd937217c72f93033c424a1b73f77236d582a9bdf7
- SSDEEP: 24576:NVaUTOpqR2M9sqRE5FaY7q5K2YfEynMBF4pmoosceeXiNTi/1rHFmm7A:NVrTOYXEzaY7qY2YfEynoF4Ide/NTix

Static task

- static1

Behavioral task

- behavioral1
  Sample: 77c3a99c1f481952191e5be167f30652_JaffaCakes118.exe
  Resource: win7-20240708-en

Behavioral task

- behavioral2
  Sample: 77c3a99c1f481952191e5be167f30652_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Targets

- Target: 77c3a99c1f481952191e5be167f30652_JaffaCakes118 (1.2MB; the same file and MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)

Signatures

- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: enumerates Uninstall key entries in the registry to list the software installed on the host.
- Indicator Removal: File Deletion (MITRE ATT&CK T1070.004): adversaries may delete files left behind by their own intrusion activity.
- Drops file in System32 directory
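The behaviours above are the kind of thing a sandbox derives from a stream of registry and file events, and the same logic is easy to reproduce when triaging your own event captures. The script below is an added example and is not part of this report, the sandbox that produced it, or the sample; it takes a constructed, hypothetical "op<TAB>path" event log (the file and value names in it are invented) and maps events onto the signature names used in the report. The registry locations are the standard Windows ones for each behaviour: HKCU\Control Panel\International\Geo\Nation for the country code, the Uninstall key for installed software, and the Run key for persistence. Family attribution ("Ardamax main executable") cannot be derived from such events and is deliberately left out. The stateful rules only fire when the sample executes, loads or deletes a file it created itself, which is what separates "executes dropped EXE" from an ordinary process start.

```python
"""Map sandbox-style file/registry events to the behaviour names in the report.

Added example, not the report's or the sandbox's own code. The event format
and all paths below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample events ("op<TAB>path"); file and value names are invented.
SAMPLE_EVENTS = """\
FileCreate\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
FileCreate\tC:\\Windows\\System32\\helper.dll
ProcessCreate\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
LoadImage\tC:\\Windows\\System32\\kernel32.dll
LoadImage\tC:\\Windows\\System32\\helper.dll
RegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation
RegEnumKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp
RegSetValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
FileDelete\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
FileCreate\tC:\\Users\\user\\Documents\\notes.txt
"""

# Stateless rules: (signature name as used in the report, event op, path regex).
# Registry paths are compared case-insensitively, as Windows does.
STATELESS_RULES = [
    ("Checks computer location settings", "RegQueryValue",
     r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "RegEnumKey",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Adds Run key to start application", "RegSetValue",
     r"^HK(CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$"),
    ("Drops file in System32 directory", "FileCreate",
     r"^C:\\Windows\\System32\\"),
]

# Stateful rules: the op must target a path the sample itself created earlier.
DROPPED_RULES = {
    "ProcessCreate": ("Executes dropped EXE", r"\.exe$"),
    "LoadImage": ("Loads dropped DLL", r"\.dll$"),
    "FileDelete": ("Indicator Removal: File Deletion", r"."),
}


def parse_events(text):
    """Parse 'op<TAB>path' lines into (op, path) tuples, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, _, path = line.partition("\t")
        events.append((op.strip(), path.strip()))
    return events


def classify(events):
    """Return {signature name: [matching paths]} for the event stream."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths the sample has written so far
    for op, path in events:
        key = path.lower()
        for name, rule_op, path_re in STATELESS_RULES:
            if op == rule_op and re.search(path_re, path, re.IGNORECASE):
                hits[name].append(path)
        if op == "FileCreate":
            dropped.add(key)
        elif op in DROPPED_RULES and key in dropped:
            name, ext_re = DROPPED_RULES[op]
            if re.search(ext_re, path, re.IGNORECASE):
                hits[name].append(path)
    return dict(hits)


def matched_signatures(text):
    """Sorted list of signature names triggered by an event log."""
    return sorted(classify(parse_events(text)))


if __name__ == "__main__":
    for name, paths in sorted(classify(parse_events(SAMPLE_EVENTS)).items()):
        print(f"{name}: {', '.join(paths)}")
```

Run against the constructed log this reports seven of the eight behaviours listed above; the load of kernel32.dll is ignored because the sample never wrote that file, which is the check that keeps "Loads dropped DLL" from firing on every process.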