General
-
Target
d2d065a3a3af267094c0a1a628284090_JaffaCakes118
-
Size
264KB
-
Sample
241207-rchg4szlcp
-
MD5
d2d065a3a3af267094c0a1a628284090
-
SHA1
df6a3afe19193c074df0aced10e7e3be405d4ce0
-
SHA256
d9d714f69e5da9beb4d44b2ec26d57abf654e03c562bbc18a1ca06272a9cb570
-
SHA512
3e29247b30f2b2c912e199e07c8379f4652d7818741d582531316a83c1ea3a9e19bbc6cf40913e4bb57501b6a182eb7f5895d925fc9d48b984ea510f7227a558
-
SSDEEP
6144:AmpyGgro0YEApz1Tu80xC19YrNJzH/AchAmJsqzcQQMxLXk4h:Av2EahTu86CUr/eKTcQrXBh
Static task
static1
Behavioral task
behavioral1
Sample
d2d065a3a3af267094c0a1a628284090_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d2d065a3a3af267094c0a1a628284090_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.lua.pl - Port:
21 - Username:
mhhm - Password:
lukasz50
Targets
-
-
Target
d2d065a3a3af267094c0a1a628284090_JaffaCakes118
-
Size
264KB
-
MD5
d2d065a3a3af267094c0a1a628284090
-
SHA1
df6a3afe19193c074df0aced10e7e3be405d4ce0
-
SHA256
d9d714f69e5da9beb4d44b2ec26d57abf654e03c562bbc18a1ca06272a9cb570
-
SHA512
3e29247b30f2b2c912e199e07c8379f4652d7818741d582531316a83c1ea3a9e19bbc6cf40913e4bb57501b6a182eb7f5895d925fc9d48b984ea510f7227a558
-
SSDEEP
6144:AmpyGgro0YEApz1Tu80xC19YrNJzH/AchAmJsqzcQQMxLXk4h:Av2EahTu86CUr/eKTcQrXBh
Score10/10-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-