General
-
Target
d6cda39f0c27fe2976a3435ca02b0a34_JaffaCakes118
-
Size
2.1MB
-
Sample
240909-v6z6ss1bmq
-
MD5
d6cda39f0c27fe2976a3435ca02b0a34
-
SHA1
cc90eb5c7507ecc4d010ae56b91fe15562e5b812
-
SHA256
6fbe324be0a3456f9b1353b600eb84b770d0bb72910891cc8dcb2949b2b0d2b8
-
SHA512
48b3ef4663e90fd2cd65052fc63b1cebc4bdb20d891cf3be7fc01c961052b233a071c925ef13d3e4e352e21dd01a98174489220f3eba1264e486e8264945e6d4
-
SSDEEP
49152:OoTiWSeLWmD74CqUOiJkvSBRS5DS1I/2iWSUPW/J98ZmneEEdKF:yWSwF74CPR8S1KKScWnNe
Static task
static1
Behavioral task
behavioral1
Sample
d6cda39f0c27fe2976a3435ca02b0a34_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
d6cda39f0c27fe2976a3435ca02b0a34_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
d6cda39f0c27fe2976a3435ca02b0a34_JaffaCakes118
-
Size
2.1MB
-
MD5
d6cda39f0c27fe2976a3435ca02b0a34
-
SHA1
cc90eb5c7507ecc4d010ae56b91fe15562e5b812
-
SHA256
6fbe324be0a3456f9b1353b600eb84b770d0bb72910891cc8dcb2949b2b0d2b8
-
SHA512
48b3ef4663e90fd2cd65052fc63b1cebc4bdb20d891cf3be7fc01c961052b233a071c925ef13d3e4e352e21dd01a98174489220f3eba1264e486e8264945e6d4
-
SSDEEP
49152:OoTiWSeLWmD74CqUOiJkvSBRS5DS1I/2iWSUPW/J98ZmneEEdKF:yWSwF74CPR8S1KKScWnNe
Score10/10-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-