General
Target
7a0a68789a27b734e85fd5a2cf87dd71_JaffaCakes118
Size
1.2MB
Sample
240730-z1fbnaygkl
MD5
7a0a68789a27b734e85fd5a2cf87dd71
SHA1
4a56bd1f82931786583661f3f8497a5716905db8
SHA256
8f21f79872d5464fa516c9d71af269757acc2c558657ee73593028bc544a5b3b
SHA512
bcd6db40a6ebfdf5328163551150fe00c4160cc2b354caae74e85b69c6b6f026859141459bbda742b04d2c7a678363c27861444dd9902cabce359c1bb9d97c5c
SSDEEP
24576:Z/6GrWipCSBOfKoJtVKEHIys01hkc9GyXt/iZrZ8tZRXfjfZxQg9p13waz5J:U6jC/yUHs+h/9GWtqZrZ8tZRXfjIgxpf
Static task
static1
Behavioral task
behavioral1
Sample
RsClient.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RsClient.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
Target
RsClient.exe
Size
1.2MB
MD5
e024b24af0e1ef588848965213667812
SHA1
eb756777047dde576365bad023f5402b3cfce21c
SHA256
57052b19ec30d1c8a5fb21816bb8a41d83106a589bbbd6e984604f4a945e9408
SHA512
53652436264058b03b3afbc408e659e18ace415b570c2541deb0f16e51fc6e1de0c9376c9c24b6356cb5b21948377b4d94601ddd4c396e228cf92e20c35b59c2
SSDEEP
24576:d0NzTFeoTgwR17lrWy4iGiEA0NkXYPp1aZM23+JOp++ufdAOouY0MCNZYTjaMLoQ:d0pTFeoTtT5rWy4iGiSkqeytJO81dYZw
Score 10/10

Ardamax main executable

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory