General
-
Target
JaffaCakes118_ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319
-
Size
331KB
-
Sample
241224-a4n1jawrax
-
MD5
6042c40a57c02d426c2e2acd9f2bc0b2
-
SHA1
65c1ba0bab5936f8a55d7735918459aa489f9200
-
SHA256
ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319
-
SHA512
9a2457255d1b0ae2e5bb291cb7b8f9e1358306a55326ef714d32c979819d4da5ca0f937e45a9f1c19b82446f74a701193d05be3e641a092c3309963972ee9aa7
-
SSDEEP
6144:C6+jqQ2oya8Kt17AtPJnFOLNBYUMdQ04PNvRy6ImJJWwd:CbX9p8i17ANbOLAUy6VvRyGJEwd
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319.exe
Resource
win7-20241010-en
Malware Config
Extracted
amadey
3.10
d8b51d
http://193.106.191.218
-
install_dir
98d3052e12
-
install_file
orxds.exe
-
strings_key
cb1d9c802af40fc7b0f3697a01a3365a
-
url_paths
/8bed3CS/index.php
Targets
-
-
Target
JaffaCakes118_ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319
-
Amadey family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-