General
-
Target
c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118
-
Size
847KB
-
Sample
240827-v1626asanc
-
MD5
c564a8b7cd6f0983ceb447939ef22a49
-
SHA1
811f6e3422104e98de52000eae21ddab6f76f3cf
-
SHA256
ffb3fb6b0bc0d25ac0636546e8b9d012e4095787974efcfcae369795e41c748e
-
SHA512
660a0d1eb084ff203e31acf188a564ffc5fb5cb0e041ab41f66021f1e7f7d1efb5a048ce2420101d8862a56d2c575c5cd3ebdb5cff64a7c04697cf54b3bb84f8
-
SSDEEP
24576:zHFnUboWB3QNPnAW+ZsmwA3OFU9iI1cPpp:JnB9pozjs
Static task
static1
Behavioral task
behavioral1
Sample
c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory