General
-
Target
81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118
-
Size
1.3MB
-
Sample
240801-yan1fazbka
-
MD5
81b929ce0a8db49538d5d405e07acdd8
-
SHA1
e485229c34b1bb3ff2a688c916e575b848179b9a
-
SHA256
d2543b8808c6554d3a1cfe7d3e0f3652bec283cd73040c808a7cecf04fb3e9c4
-
SHA512
3da5339aa12b2780f535fe496be53cb0a147eda4bfc54031d8057b5e1713c913c5fe807a83d1220a337bd02da5a2cdb26c7bf1ee7ae5e564c51357f3fe74b213
-
SSDEEP
24576:1ZxTqn2ZJkM45kXuVy8kDOoPjyGf/952uM++TXyQnxq07+ALPmoiMySeneB:1XTqn2Z3skXuMDOG908+bfnxdX5S
Static task
static1
Behavioral task
behavioral1
Sample
81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
Target
81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-