General
Target: 832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118
Size: 1.3MB
Sample: 240802-fy5c8axgqr
MD5: 832d00f24ff6da9a9aa0f7c196eef3c3
SHA1: c44ab4b8568820054df02d415213ccb3cc408a20
SHA256: c5c9b85990fc09029e68fdbd2f4dcdb22180565cc353532e772bff08e3a0408c
SHA512: 8d3f5682d3f62833a7b6bde36b5855cfeea6b0528cc92a3911f8a618a9432a6b55b43843063dddef38ac10e83d609e338757939c6e4b3c3811caa6066e92b60b
SSDEEP: 24576:0eTWDfG0S1fV0iMlUZzutvnS6eQad4txR9vZZsDSyFn3FaI+G:0eYk0tiutvSDkvpv/yF3Fj+
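Before trusting a report like this for a sample you hold, confirm the bytes on disk are the bytes the sandbox analysed, and check that the SSDEEP block size is consistent with the stated file size. The following is an added example, not part of the report or of the sandbox's own tooling; the digest and SSDEEP values are copied from the General section above, the size constant is the report's rounded "1.3MB", and the block-size rule is the published ssdeep algorithm (start at 3, double until 64 blocks cover the file, halve only if the first hash comes out shorter than 32 characters).

```python
"""Added example: check local sample bytes against a sandbox report's digests and
sanity-check the reported SSDEEP block size against the reported file size.
Not part of the report; values below are copied from its General section."""
import hashlib

# Copied from the report above.
REPORTED_DIGESTS = {
    "md5": "832d00f24ff6da9a9aa0f7c196eef3c3",
    "sha1": "c44ab4b8568820054df02d415213ccb3cc408a20",
    "sha256": "c5c9b85990fc09029e68fdbd2f4dcdb22180565cc353532e772bff08e3a0408c",
    "sha512": "8d3f5682d3f62833a7b6bde36b5855cfeea6b0528cc92a3911f8a618a9432a6b"
              "55b43843063dddef38ac10e83d609e338757939c6e4b3c3811caa6066e92b60b",
}
REPORTED_SSDEEP = "24576:0eTWDfG0S1fV0iMlUZzutvnS6eQad4txR9vZZsDSyFn3FaI+G:0eYk0tiutvSDkvpv/yF3Fj+"
# The report rounds the size to "1.3MB"; any size between 786,433 and 1,572,864
# bytes yields the same initial ssdeep block size, so the rounding does not matter here.
REPORTED_SIZE = int(1.3 * 1024 * 1024)


def digests(data: bytes) -> dict:
    """All four digests the report lists, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def mismatches(data: bytes, expected: dict) -> list:
    """Names of the digests that disagree with `expected`; [] means these are the reported bytes."""
    got = digests(data)
    return sorted(name for name, value in expected.items() if got[name] != value.lower())


def parse_ssdeep(sig: str):
    """Split 'blocksize:hash1:hash2'. hash2 is computed with twice the block size."""
    bs, h1, h2 = sig.split(":", 2)
    return int(bs), h1, h2


def ssdeep_initial_blocksize(size: int) -> int:
    """ssdeep starts at block size 3 and doubles until 64 blocks cover the input."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(sig: str, size: int) -> bool:
    """True if the block size in `sig` is one ssdeep could have produced for `size` bytes.
    ssdeep only lowers the block size when the first hash is shorter than 32 characters,
    so with a full-length first hash the block size is fixed by the size alone."""
    bs, h1, _ = parse_ssdeep(sig)
    initial = ssdeep_initial_blocksize(size)
    if len(h1) >= 32:
        return bs == initial
    return bs < initial


def check_local_sample(path: str) -> dict:
    """Convenience wrapper for a file on disk: digest mismatches plus the ssdeep size check."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "digest_mismatches": mismatches(data, REPORTED_DIGESTS),
        "ssdeep_blocksize_ok": ssdeep_consistent_with_size(REPORTED_SSDEEP, len(data)),
    }
```

`check_local_sample` is the call to use on a real file; an empty `digest_mismatches` list is the only result that proves the file is the analysed sample, while the SSDEEP check is a cheap plausibility test that catches a report/sample mix-up without needing the ssdeep library installed.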
Static task: static1
Behavioral task: behavioral1
  Sample: 832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
Target: 832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118 (size and digests as listed under General)
Score: 10/10
- Ardamax main executable (family signature; Ardamax is a commercial keylogger)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence via a CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (rewriting another thread's register context, a step typical of process hollowing and thread-hijacking injection)
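The signatures above are behavioural, so they can be re-derived from any event trace that records file writes, process starts, library loads, registry access and API calls. The block below is an added example, not the sandbox's rule logic: it runs a small rule set over a constructed trace whose event format and file names are assumptions (nothing here is taken from the sample's real activity, which the report does not list). The registry paths are the standard Windows ones: the Run key under CurrentVersion, the Uninstall key under CurrentVersion, and the GeoID stored in the Nation value under Control Panel\International\Geo. "Executes dropped EXE" and "Loads dropped DLL" are correlations, so the rules remember which paths the sample wrote before it started or loaded them. The family signature (Ardamax) is string/YARA based and is not reproduced.

```python
"""Added example: re-derive a sandbox report's behavioural signatures from a
constructed event trace. The trace format (type|path|value) and all file names
are assumptions for illustration, not the sandbox's native output."""
import re

# Constructed trace, loosely modelled on the signatures in the report above.
# Fields: event_type|path_or_api[|value_name]. File names are placeholders.
SAMPLE_TRACE = r"""
file_write|C:\Users\Admin\AppData\Local\Temp\svchost32.exe
file_write|C:\Users\Admin\AppData\Local\Temp\hook.dll
reg_query|HKCU\Control Panel\International\Geo\Nation
process_create|C:\Users\Admin\AppData\Local\Temp\svchost32.exe
load_library|C:\Users\Admin\AppData\Local\Temp\hook.dll
reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update
reg_enum|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
file_write|C:\Windows\System32\kbdlog.dll
api_call|SetThreadContext
"""

# Standard Windows locations; matched case-insensitively because registry and NTFS paths are.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

EXPECTED_SIGNATURES = frozenset({
    "Checks computer location settings",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Checks installed software on the system",
    "Drops file in System32 directory",
    "Suspicious use of SetThreadContext",
})


def parse_trace(text: str) -> list:
    """Turn the pipe-delimited trace into (event_type, target, value_or_None) tuples."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split("|")
        events.append((parts[0], parts[1], parts[2] if len(parts) > 2 else None))
    return events


def signatures(events: list) -> set:
    """Apply the rules in trace order; 'dropped' rules need the write to precede the use."""
    hits = set()
    dropped = set()  # lower-cased paths the sample has written so far
    for kind, target, _value in events:
        key = target.lower()
        if kind == "file_write":
            dropped.add(key)
            if SYSTEM32.search(target):
                hits.add("Drops file in System32 directory")
        elif kind == "process_create" and key in dropped:
            hits.add("Executes dropped EXE")
        elif kind == "load_library" and key in dropped:
            hits.add("Loads dropped DLL")
        elif kind == "reg_set" and RUN_KEY.search(target):
            hits.add("Adds Run key to start application")
        elif kind == "reg_query" and GEO_NATION.search(target):
            hits.add("Checks computer location settings")
        elif kind == "reg_enum" and UNINSTALL_KEY.search(target):
            hits.add("Checks installed software on the system")
        elif kind == "api_call" and target == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
    return hits


def run_sample() -> set:
    """Signatures fired by the constructed trace above."""
    return signatures(parse_trace(SAMPLE_TRACE))
```

The ordering dependence is deliberate: a process start or library load only counts as "dropped" if the same path was written earlier in the trace, which is what separates a sample launching its own payload from one that merely runs an existing system binary. Note also that a Run-key write alone says nothing about what is being persisted; pair it with the value written (the third field) when turning a hit into an IOC.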