General
Target: a19e628b0b6983b11d119bd3f612cce0_JaffaCakes118
Size: 501KB
Sample: 241126-nfbl7aynas
MD5: a19e628b0b6983b11d119bd3f612cce0
SHA1: f52e3720662036fbfd2e1c181d688e1ebaf316df
SHA256: 5229baea0cc6ef10faa54de3fa6688641ac8ccb6273906ec5c0e1436a005d958
SHA512: aa57128a8d2d1687bce1b527892fa0f281fa5f96303e254b470c86b173084dee943fc1923e89d8e78eaf1fa7fd0fcdc3d32fd14d1ff9a25ef6af9c613c3de980
SSDEEP: 12288:29Ecfo8ivd+L3TT6S19c+7G5ybqmVUeSwEql2PXj9:tCiV+L3TT689cqGK3aqlyZ
Static task: static1
Behavioral task: behavioral1
  Sample: a19e628b0b6983b11d119bd3f612cce0_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: a19e628b0b6983b11d119bd3f612cce0_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Score: 10/10
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory