General
- Target: 98ec30e388040b2d6d113ba5dc684f74_JaffaCakes118
- Size: 480KB
- Sample: 241125-dzgbns1rgj
- MD5: 98ec30e388040b2d6d113ba5dc684f74
- SHA1: 60373d7cf902d248eafd0644a8d61cfb38cc2057
- SHA256: e1c6967b1f1cb994d746b67bc8baf7c1a683bfbdd18ffd6f44a5f86946a3e1e5
- SHA512: 5610a25a0ece9e7e906ba20b19faeb1f44ee2dab61c8edc7960a795fd00150ff8579882d08e8fc773b1db39461fb0428176d27793fa5e62b0d381cb218a0c569
- SSDEEP: 12288:h4+RF04NwAs86Z2+2mjv8UOmDJ7Mmwd/lLAl4ReMLjUHZ3z:O+RaEwd5ZDbjv3Om9ARdLAl4I5D
Static task: static1
Behavioral task: behavioral1
- Sample: 98ec30e388040b2d6d113ba5dc684f74_JaffaCakes118.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 98ec30e388040b2d6d113ba5dc684f74_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 98ec30e388040b2d6d113ba5dc684f74_JaffaCakes118
- Score: 10/10
- Ardamax family
- Ardamax main executable
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory