General

Target: 7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118
Size: 12.4MB
Sample: 240731-jdtyjatejn
MD5: 7bbd3209c2f9a006240ad39c6ff4a9fb
SHA1: b14a2d50e9370b154ae567a2c65594da3478f2e8
SHA256: f16d04400634da3e1c941d20b2a3a96cd4ccfcc45616f511b31c71461523c04c
SHA512: a8928cabaeb0abf24e9d7ca0a2874c1a1f6961b17ba2ddf8c2e8805a683d0c287f84e1ec7095293de72057477717ae9f60c47cd3bb885f3ff4f4aaac5bd72e4b
SSDEEP: 393216:nP3tC2xkHI0cvuFYT3SiiOiadZsz3KubT:nCo5uYLkMmGubT
Static task: static1
Behavioral task: behavioral1
  Sample: 7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
Target: 7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118
Signatures
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (ATT&CK T1614).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (ATT&CK T1547.001)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software (ATT&CK T1518).
- Indicator Removal: File Deletion (ATT&CK T1070.004): adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory