General

Target: 9af1276958721492f19d42ffd0358cba_JaffaCakes118
Size: 756KB
Sample: 241125-mlrpxsymfl
MD5: 9af1276958721492f19d42ffd0358cba
SHA1: 67d837ecf326ba46f9120b8467bff11bdec78897
SHA256: e3ca8a2d067d74c388de2bf37302d943b6d9030498c3642761cdd4d95ac7c368
SHA512: b178f8cc4d5f1c3e7096ccfa2577baeca8e3caf9b6fa78f3e679b94e52f5c9360ea244cafee91a62dbd5a4af2ff24e8b2dae1685a14f77b997060f490ad8ac73
SSDEEP: 12288:P9JAq8RpxIjnOI2EigFKm0p8/FzGIc8u/dskrcRZca+XXQw865tDgASU6qnSH1DU:7Aq85sOI/iYa8tzGB8adaRuaP+rkHiAo
Static task: static1

Behavioral task: behavioral1
Sample: 9af1276958721492f19d42ffd0358cba_JaffaCakes118.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 9af1276958721492f19d42ffd0358cba_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 9af1276958721492f19d42ffd0358cba_JaffaCakes118
Score: 10/10

Signatures
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry Run-key persistence)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Drops file in System32 directory
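The signature hits above describe observable host behaviour (registry reads of the location and Uninstall keys, a Run-key write, files written under System32, and a dropped EXE/DLL being executed or loaded). The script below is an added example, not tooling from the sandbox or from this report: it replays a constructed, Sysmon-style event stream through rules for those six signatures and also checks a local file against the hashes listed above, so an analyst can confirm they hold the same sample before comparing their own trace. The event format (`EventType|Image|Target`), the paths under `System32\drop`, and the choice of registry locations behind each signature (`HKCU\Control Panel\International\Geo\Nation` for the location check, `...\CurrentVersion\Uninstall` for installed software, `...\CurrentVersion\Run`/`RunOnce` for persistence) are assumptions made for the example; the report itself names the behaviours but not the exact keys.

```python
"""Map sandbox-style registry, file, process and image-load events to the behaviour
signatures listed in this report, and verify a file against the report's hashes.
Added example, not tooling from the sandbox or the page. Event lines and drop paths are
constructed; the registry locations are assumed to be the ones the signatures refer to."""
import hashlib
import re
from collections import defaultdict

# Hashes copied from the report above, used to confirm a local file is the same sample.
REPORT_HASHES = {
    "md5": "9af1276958721492f19d42ffd0358cba",
    "sha1": "67d837ecf326ba46f9120b8467bff11bdec78897",
    "sha256": "e3ca8a2d067d74c388de2bf37302d943b6d9030498c3642761cdd4d95ac7c368",
}


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string (read the file in binary mode to hash a sample)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest equals the value in the report."""
    return hashes_of(data) == REPORT_HASHES


# Registry locations behind three of the report's signatures (assumed, well-known paths):
#   location/geofence  -> HKCU\Control Panel\International\Geo\Nation
#   installed software -> ...\Microsoft\Windows\CurrentVersion\Uninstall (and Wow6432Node)
#   persistence        -> ...\Microsoft\Windows\CurrentVersion\Run or RunOnce
REGISTRY_SIGNATURES = [
    ("Checks computer location settings", {"RegOpenKey", "RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"RegOpenKey", "RegQueryValue", "RegEnumKey"},
     re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
]
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def parse_event(line: str):
    """Split '<EventType>|<Image>|<Target>' into its three fields."""
    parts = line.split("|", 2)
    if len(parts) != 3:
        raise ValueError("malformed event line: %r" % line)
    return parts[0], parts[1], parts[2]


def classify(lines) -> dict:
    """Return {signature name: [matching event lines]} for an ordered event stream.
    The dropped-file signatures are stateful: an EXE or DLL only counts as 'dropped'
    if a FileCreate for the same path was seen earlier in the stream."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths created during the run
    for line in lines:
        etype, _image, target = parse_event(line)
        for name, types, pattern in REGISTRY_SIGNATURES:
            if etype in types and pattern.search(target):
                hits[name].append(line)
        key = target.lower()
        if etype == "FileCreate":
            dropped.add(key)
            if SYSTEM32.match(target):
                hits["Drops file in System32 directory"].append(line)
        elif etype == "ProcessCreate" and key in dropped and key.endswith(".exe"):
            hits["Executes dropped EXE"].append(line)
        elif etype == "ImageLoad" and key in dropped and key.endswith(".dll"):
            hits["Loads dropped DLL"].append(line)
    return dict(hits)


# Constructed event stream (not the sandbox's real trace); System32\drop paths are hypothetical.
SAMPLE = r"C:\Users\user\Desktop\9af1276958721492f19d42ffd0358cba_JaffaCakes118.exe"
DROP_EXE = r"C:\Windows\System32\drop\svc.exe"
DROP_DLL = r"C:\Windows\System32\drop\hook.dll"
SAMPLE_EVENTS = [
    "RegQueryValue|" + SAMPLE + r"|HKEY_CURRENT_USER\Control Panel\International\Geo\Nation",
    "RegOpenKey|" + SAMPLE + r"|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    "FileCreate|" + SAMPLE + "|" + DROP_EXE,
    "FileCreate|" + SAMPLE + "|" + DROP_DLL,
    "ProcessCreate|" + SAMPLE + "|" + DROP_EXE,
    "ImageLoad|" + DROP_EXE + "|" + DROP_DLL,
    "RegSetValue|" + DROP_EXE + r"|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc",
    # Benign noise that must not fire any signature.
    r"RegQueryValue|C:\Windows\explorer.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
    r"FileCreate|C:\Windows\explorer.exe|C:\Users\user\Desktop\notes.txt",
    r"ProcessCreate|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for name, events in classify(SAMPLE_EVENTS).items():
        print("%-42s %d event(s)" % (name, len(events)))
    print("local bytes match report hashes:", matches_report(b"not the sample"))
```

The "Executes dropped EXE" and "Loads dropped DLL" rules deliberately require the path to have appeared in an earlier FileCreate, so a ProcessCreate of a pre-existing binary such as notepad.exe does not count; when applying this to a real trace, feed the events in the order the sandbox recorded them, and verify the sample with `matches_report(open(path, "rb").read())` first.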