Overview: score 10
Static: score 3
Softcam li...iz.htm, windows7-x64: score 3
Softcam li...iz.htm, windows10-2004-x64: score 3
www.satnet...ll.exe, windows7-x64: score 10
www.satnet...ll.exe, windows10-2004-x64: score 10
www.satnet...iz.htm, windows7-x64: score 3
www.satnet...iz.htm, windows10-2004-x64: score 3
www.satnet...TE.url, windows7-x64: score 6
www.satnet...TE.url, windows10-2004-x64: score 3
www.satnet...iz.htm, windows7-x64: score 3
www.satnet...iz.htm, windows10-2004-x64: score 3
General
-
Target
acf14efca91d4928aaabe2a5989bdf31_JaffaCakes118
-
Size
1.0MB
-
Sample
241128-tzbzyssraw
-
MD5
acf14efca91d4928aaabe2a5989bdf31
-
SHA1
73ebb236e8e7d69b361501565dea10e27232ba0b
-
SHA256
89dbec9a3f635988cd350df820616c02a0bc9c74e4a87cb51520f0d39a81ac89
-
SHA512
9289492865ef5e238d01ed0bf2c3d13837707f089aa4bb6be31c5f6aabe28c2d0a286d924cf6bcaa1ca9d6dd22cfccc8f81b1e3b7ba52af3563e4142785348c3
-
SSDEEP
24576:R7FCneGBZwn+Tfz/9xRB8ZZAVT7nVAV59j5RAXAglai1Wpr:RZCneIwnIJzB8vAVTc93AXASai1Wpr
Static task
static1
Behavioral task
behavioral1
Sample
Softcam link www.satnet.biz.htm
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Softcam link www.satnet.biz.htm
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
www.satnet.biz/Install.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
www.satnet.biz/Install.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
www.satnet.biz/Oktagon Softcam link www.satnet.biz.htm
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
www.satnet.biz/Oktagon Softcam link www.satnet.biz.htm
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
www.satnet.biz/SITE.url
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
www.satnet.biz/SITE.url
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
www.satnet.biz/www.satnet.biz.htm
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
www.satnet.biz/www.satnet.biz.htm
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Softcam link www.satnet.biz.htm
-
Size
8KB
-
MD5
138366e862b24e5035119c5272d57aa3
-
SHA1
8035b85bfffa0591d3cc19f98c1140d5feb19f06
-
SHA256
eab287387197e7b5a78c0cb673ff8719d2059558918e5117f8b0fd052dc106b5
-
SHA512
30c78ce65fe6658a56e9b94e743f73ef8f9e08a72b786d8837258f98298a05bb784e9435a8912dac7e6eabddebfb32cda92f779cacf0c861661b14082a23fb50
-
SSDEEP
192:eCfy4AbY5z5gnn8AkABPaXf27Nuz0A0YC3yZvOZvbWN8ewMXnF:eCfV+Y5z5VAkABKWKUYKyRORb0jpXnF
Score 3/10
-
-
Target
www.satnet.biz/Install.exe
-
Size
818KB
-
MD5
a2cee1e2af064e875734ab3afb6a660e
-
SHA1
de51dccd8c72a51135db4c0ef1dfafc93eeac9d2
-
SHA256
5f5198fc2d3e2896bacc006b79843ebc022bdaa704e4d0ea17531b99038376a6
-
SHA512
9b733d4a3460143afbc96633f242c01d1f92d3d1ee3db76e859428bb7b8f1f635b5c616f4c6ea6321edd1aa60f34115f1b44190f89061e1c931aadcc8b5099c9
-
SSDEEP
24576:hwL/dHL3Vhr00qczLg1tF7MceAWuTMq8U3OF7nkPmSEz/C+bsm9:hwxHL3VhA09ngzF7MdAJgnmmdzBr
Score 10/10
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
www.satnet.biz/Oktagon Softcam link www.satnet.biz.htm
-
Size
8KB
-
MD5
138366e862b24e5035119c5272d57aa3
-
SHA1
8035b85bfffa0591d3cc19f98c1140d5feb19f06
-
SHA256
eab287387197e7b5a78c0cb673ff8719d2059558918e5117f8b0fd052dc106b5
-
SHA512
30c78ce65fe6658a56e9b94e743f73ef8f9e08a72b786d8837258f98298a05bb784e9435a8912dac7e6eabddebfb32cda92f779cacf0c861661b14082a23fb50
-
SSDEEP
192:eCfy4AbY5z5gnn8AkABPaXf27Nuz0A0YC3yZvOZvbWN8ewMXnF:eCfV+Y5z5VAkABKWKUYKyRORb0jpXnF
Score 3/10
-
-
Target
www.satnet.biz/SITE.url
-
Size
233B
-
MD5
5386dfdd6c7a3185f0ed2ba9082341e8
-
SHA1
9cab1dbe483152a388c7d62558f6cfcfe96a003b
-
SHA256
74633429d252ae10317f7f3d25b29e5e06729b89b6e8ba78bc3e0dfecf4acb8e
-
SHA512
40d35c57a6656f964e67c722af23f18d57c04ce4a44c963b4201c040d68315e6b85c49f5ba8906cd24ac1b7f3efa08ed3faaa2fce62b32aaa2801134e4f12e69
-
-
-
Target
www.satnet.biz/www.satnet.biz.htm
-
Size
8KB
-
MD5
bbbc11fe2fb99945a31891db430aec4d
-
SHA1
6ccac25da18165960595a7be1a6e38ccc9325a3b
-
SHA256
c2f6115c0a32d861bb0b4feb7daec8bc796237617d2ade992bdd745a9f741a6e
-
SHA512
831de84570511a363e3fae8c0fa61e0d30a56127e957f960a772c4b90d2ce1091f3a7187a82f7ba6b61e08ae735889e67df5dc82bc0fc61f4effaa803c863c0c
-
SSDEEP
192:Dafy4TY5z5gnn8AkABN5Xf27Nuz0A0YC3yZvOZvbWN8e2+XnF:DafVTY5z5VAkABDWKUYKyRORb0j2+XnF
Score 3/10