General
-
Target
fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118
-
Size
1.8MB
-
Sample
240929-dac8qaxblq
-
MD5
fda6b1ad394e1381a0b9154952f9f9a9
-
SHA1
391b8ad7c20034b1c5bbbdafe7f81a4660193f9a
-
SHA256
cf1698e1bb1f5461bc2b4aeac494b2d5f09cbca954191ef4e9c98397a4c08934
-
SHA512
0ae7d7025f5a01515e1ec0d83e36fe59849aee53184a1d2b90b3a9f5e505342b5dbfe2205537768f513b783b5c4646c5cc2d0ab105c4fff2ea1c56ea9ef6ab78
-
SSDEEP
49152:doT9G40r3WmDXgLISbjnuEhLQr+3AQbp8n:+G4Lv/PNQr+3AQbp8n
Static task
static1
Behavioral task
behavioral1
Sample
fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-