General
Target: 988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118
Size: 571KB
Sample: 241125-cg84asxrdp
MD5: 988e5b36a467ca8c19aaf8bc40ac8662
SHA1: 2a4f26a93d53954863d7c96510ddffe341a99287
SHA256: f33df27acb75b279b908464410a8c62909b9a816b0f3ff324eef48f53cd44b1d
SHA512: 4853f5071d2eebf2eb75260fe060e3598940fb5362ce3d71e25641d816d082b7e639b9eb108a1d46ca68fe898c82240d304b4519bcfbff263dd53ca5967b3fb2
SSDEEP: 12288:cRXehTMj0o8CzW0XB89Y1LFZ8KdGutxV1cRnx65yt58KRpkoIaXemr:Dmj0o8YvBaYPZ8KUuPfU8KRpBIaXPr
Static task: static1
Behavioral task: behavioral1
  Sample: 988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
Signatures:
- Ardamax family
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory