General
Target: 7da551fd7d9e51b06f23e7101a9780cd_JaffaCakes118
Size: 2.6MB
Sample: 240731-x7vntazbjq
MD5: 7da551fd7d9e51b06f23e7101a9780cd
SHA1: 9092015ecf7c114b70c58762195a9ddb9b4aff1f
SHA256: 7b74c25d8e2c66a198cdb0cfa56be815617d49578d25e57ad2e79fc5a5d2ed07
SHA512: 2861b3d6f69757bfa0d6d611f8918f3b3549ba607d07925f878b85a4b675f934bd8c54993caa5c42f28424dfdb5c8d1a245aac158202b5977978b15479fb5045
SSDEEP: 49152:9XTYPcN4veiIAEhgrFDBWLLRAnnMcooBx416rYQZ3fEXQRMDp795i5skfP5IYCc:jNOeWygPqRqxQxBXQml0PPt
Static task: static1
Behavioral task: behavioral1
  Sample: 7da551fd7d9e51b06f23e7101a9780cd_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 7da551fd7d9e51b06f23e7101a9780cd_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory