General

Target: a1ebd31cca0808cef68bb396c1c1c56d_JaffaCakes118
Size: 1.8MB
Sample: 241126-pl3tasxmbp
MD5: a1ebd31cca0808cef68bb396c1c1c56d
SHA1: 00405eaed613be4e596c203913ba2b7f880e94c8
SHA256: e787ef308f760af58ff6611390c0de24b3e62f71f7012326c2a04679223a2c88
SHA512: eac9f9bc05713a0ba533b8b9e4131b415ffa87e2eebb7af4abe158af2bb9f6e5a73f547383aad82826477a6716ab7ce33db4c499f90361cbec3c903a3394eced
SSDEEP: 49152:xQcXy/RF6ZWpmcYbZtxPsxc6iFyVkaner:xQcXyNpmZbZty+/0kIer
Static task: static1

Behavioral task: behavioral1
Sample: a1ebd31cca0808cef68bb396c1c1c56d_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: a1ebd31cca0808cef68bb396c1c1c56d_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Protocol: ftp
Host: ftp.drivehq.com
Port: 21
Username: slslasher
Targets

Target: a1ebd31cca0808cef68bb396c1c1c56d_JaffaCakes118
Score: 10/10

Signatures
- Ardamax family
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory