General
Target: 7e9c4906fec6cc33dbc0b426a4da3d06_JaffaCakes118
Size: 480KB
Sample: 240801-bcj3yasgnk
MD5: 7e9c4906fec6cc33dbc0b426a4da3d06
SHA1: a670e9a01bf4a7b267ac38366dab4fdc42039682
SHA256: 125c81c42472fa5cf4c67ea38f6bd9c8b5543fd0f07785bc971bf9d3fdf2b3b2
SHA512: fdb3f2f255a938fa6ac136c9f07aa0ea1ec0d537685d94a2e515c83a21e919e565b977eaf30a39515e6115ed9b831f6b9197258ee43de714dba612b939756a20
SSDEEP: 12288:ya5NNRPdbl8F/0145Anxjk7/sY49z6Bg:ya5PZ8R01NlY
Static task: static1
Behavioral task: behavioral1
  Sample: 7e9c4906fec6cc33dbc0b426a4da3d06_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 7e9c4906fec6cc33dbc0b426a4da3d06_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
Target: 7e9c4906fec6cc33dbc0b426a4da3d06_JaffaCakes118
Score: 10/10
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory