General
-
Target
82335d4eeb36490bdb86308628aa4d48_JaffaCakes118
-
Size
676KB
-
Sample
240801-3qqlessgnl
-
MD5
82335d4eeb36490bdb86308628aa4d48
-
SHA1
ea6c3b339cc1f295057e967619cafe7c5d1f5e9f
-
SHA256
a5479d518825e70a86607fa9ea141f446b97c83c963fe1fc508bc87930b47be5
-
SHA512
7957dcdcb2f4d2052449541ede615f17284e78c8552f66e3eaba407002baad969a55e1de809397f357ca8806d58d628f09de679e3e9e92b8876a9ca4adcdd843
-
SSDEEP
12288:13TdtLW5WIj1YSSdFxJhpvBSXyMzBUWb9lx/9AgHLo8OW+rB2:dDsj1dE5h5BcJ9nPx/igrp+M
Static task
static1
Behavioral task
behavioral1
Sample
82335d4eeb36490bdb86308628aa4d48_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
82335d4eeb36490bdb86308628aa4d48_JaffaCakes118
-
Size
676KB
-
MD5
82335d4eeb36490bdb86308628aa4d48
-
SHA1
ea6c3b339cc1f295057e967619cafe7c5d1f5e9f
-
SHA256
a5479d518825e70a86607fa9ea141f446b97c83c963fe1fc508bc87930b47be5
-
SHA512
7957dcdcb2f4d2052449541ede615f17284e78c8552f66e3eaba407002baad969a55e1de809397f357ca8806d58d628f09de679e3e9e92b8876a9ca4adcdd843
-
SSDEEP
12288:13TdtLW5WIj1YSSdFxJhpvBSXyMzBUWb9lx/9AgHLo8OW+rB2:dDsj1dE5h5BcJ9nPx/igrp+M
-
Ardamax main executable
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6