General

  • Target

    acf14efca91d4928aaabe2a5989bdf31_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241128-tzbzyssraw

  • MD5

    acf14efca91d4928aaabe2a5989bdf31

  • SHA1

    73ebb236e8e7d69b361501565dea10e27232ba0b

  • SHA256

    89dbec9a3f635988cd350df820616c02a0bc9c74e4a87cb51520f0d39a81ac89

  • SHA512

    9289492865ef5e238d01ed0bf2c3d13837707f089aa4bb6be31c5f6aabe28c2d0a286d924cf6bcaa1ca9d6dd22cfccc8f81b1e3b7ba52af3563e4142785348c3

  • SSDEEP

    24576:R7FCneGBZwn+Tfz/9xRB8ZZAVT7nVAV59j5RAXAglai1Wpr:RZCneIwnIJzB8vAVTc93AXASai1Wpr
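
The digests above are the report's file-level IOCs. As an added example (not part of the sandbox report), the Python below copies the MD5/SHA1/SHA256 values of every target into a table, hashes files in a single pass and reports which target each file matches. The scanner logic and its command-line usage are mine; SHA512 is left out of the table for brevity and SSDEEP is not compared because it needs a third-party library.

```python
"""Match files on disk against the hash IOCs listed in this report.

Added example; it is not part of the sandbox report. The digest table
is copied from the report above (MD5/SHA1/SHA256; SHA512 omitted for
brevity, SSDEEP omitted because it needs a third-party library).
"""
import hashlib
import sys
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report, lower-case hex. The second .htm target
# ("www.satnet.biz/Oktagon Softcam link www.satnet.biz.htm") has exactly
# the same hashes as "Softcam link www.satnet.biz.htm", so it is covered
# by that entry.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "acf14efca91d4928aaabe2a5989bdf31_JaffaCakes118": {
        "md5": "acf14efca91d4928aaabe2a5989bdf31",
        "sha1": "73ebb236e8e7d69b361501565dea10e27232ba0b",
        "sha256": "89dbec9a3f635988cd350df820616c02a0bc9c74e4a87cb51520f0d39a81ac89",
    },
    "Softcam link www.satnet.biz.htm": {
        "md5": "138366e862b24e5035119c5272d57aa3",
        "sha1": "8035b85bfffa0591d3cc19f98c1140d5feb19f06",
        "sha256": "eab287387197e7b5a78c0cb673ff8719d2059558918e5117f8b0fd052dc106b5",
    },
    "www.satnet.biz/Install.exe": {
        "md5": "a2cee1e2af064e875734ab3afb6a660e",
        "sha1": "de51dccd8c72a51135db4c0ef1dfafc93eeac9d2",
        "sha256": "5f5198fc2d3e2896bacc006b79843ebc022bdaa704e4d0ea17531b99038376a6",
    },
    "www.satnet.biz/SITE.url": {
        "md5": "5386dfdd6c7a3185f0ed2ba9082341e8",
        "sha1": "9cab1dbe483152a388c7d62558f6cfcfe96a003b",
        "sha256": "74633429d252ae10317f7f3d25b29e5e06729b89b6e8ba78bc3e0dfecf4acb8e",
    },
    "www.satnet.biz/www.satnet.biz.htm": {
        "md5": "bbbc11fe2fb99945a31891db430aec4d",
        "sha1": "6ccac25da18165960595a7be1a6e38ccc9325a3b",
        "sha256": "c2f6115c0a32d861bb0b4feb7daec8bc796237617d2ade992bdd745a9f741a6e",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer with every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file in one read pass, feeding each chunk to all hashers."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: Dict[str, str],
               iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[str]:
    """Return the report targets whose digest matches on any algorithm.

    Comparison is case-insensitive and a hit on a single algorithm is
    enough; file names are ignored, so a renamed copy is still found.
    """
    seen = {alg: value.lower() for alg, value in digests.items()}
    return [name for name, known in iocs.items()
            if any(seen.get(alg) == value for alg, value in known.items())]


def scan_directory(root: Path,
                   iocs: Dict[str, Dict[str, str]] = REPORT_IOCS
                   ) -> Iterator[Tuple[Path, List[str]]]:
    """Walk a directory tree and yield (path, matched targets) for hits."""
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = match_iocs(hash_file(path), iocs)
        if hits:
            yield path, hits


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in scan_directory(root):
        print(f"{path}: matches {', '.join(hits)}")
```

Run it as `python scan.py <directory>`; any file whose MD5, SHA1 or SHA256 equals one of the report's digests is printed with the target it corresponds to. Exact hashes only catch byte-identical copies, which is why the report also lists SSDEEP: a repacked Install.exe would need the fuzzy hash, or the behavioural signatures further down, to be recognised.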

Malware Config

Targets

    • Target

      Softcam link www.satnet.biz.htm

    • Size

      8KB

    • MD5

      138366e862b24e5035119c5272d57aa3

    • SHA1

      8035b85bfffa0591d3cc19f98c1140d5feb19f06

    • SHA256

      eab287387197e7b5a78c0cb673ff8719d2059558918e5117f8b0fd052dc106b5

    • SHA512

      30c78ce65fe6658a56e9b94e743f73ef8f9e08a72b786d8837258f98298a05bb784e9435a8912dac7e6eabddebfb32cda92f779cacf0c861661b14082a23fb50

    • SSDEEP

      192:eCfy4AbY5z5gnn8AkABPaXf27Nuz0A0YC3yZvOZvbWN8ewMXnF:eCfV+Y5z5VAkABKWKUYKyRORb0jpXnF

    Score
    3/10
    • Target

      www.satnet.biz/Install.exe

    • Size

      818KB

    • MD5

      a2cee1e2af064e875734ab3afb6a660e

    • SHA1

      de51dccd8c72a51135db4c0ef1dfafc93eeac9d2

    • SHA256

      5f5198fc2d3e2896bacc006b79843ebc022bdaa704e4d0ea17531b99038376a6

    • SHA512

      9b733d4a3460143afbc96633f242c01d1f92d3d1ee3db76e859428bb7b8f1f635b5c616f4c6ea6321edd1aa60f34115f1b44190f89061e1c931aadcc8b5099c9

    • SSDEEP

      24576:hwL/dHL3Vhr00qczLg1tF7MceAWuTMq8U3OF7nkPmSEz/C+bsm9:hwxHL3VhA09ngzF7MdAJgnmmdzBr

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
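
The signatures above are behavioural: the sandbox raises them from the API calls Install.exe makes at runtime, not from static content. As an added example that is not the sandbox's own rule set, the Python below re-implements the six generic signatures over a constructed API trace (one dict per call with the API name and its path argument; the trace format, the API names chosen and the file names are assumptions made for this example). The one non-obvious mapping is "Checks computer location settings", modelled here as a read of HKCU\Control Panel\International\Geo\Nation, the value that stores the user's GeoID; that is an assumption, since the report only says the country code is read from the registry. The two Ardamax signatures (family, main executable) are classifier matches on the binary itself and are not reproduced.

```python
"""Re-implement the behavioural signatures raised on Install.exe above
over a constructed API trace.

Added example; these are not the sandbox's own rules. The trace format
(one dict per call with "api" and "arg") and the sample trace are
constructed for this example. Mapping "Checks computer location
settings" to a read of HKCU\\Control Panel\\International\\Geo\\Nation is
an assumption about how that signature is implemented.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Registry locations named in the signature descriptions.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Assumption: the "location settings" check reads the user's GeoID.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
REG_WRITE_APIS = {"RegSetValueExW", "NtSetValueKey"}
REG_READ_APIS = {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"}
IMAGE_LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW"}


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them normalised."""
    return ntpath.normcase(path)


def run_signatures(trace: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for a trace of API calls.

    The two "dropped" signatures are stateful: a path only counts as
    dropped if an earlier call in the same trace wrote it. Running a
    pre-existing System32 binary therefore does not fire them.
    """
    hits: Dict[str, List[str]] = defaultdict(list)
    dropped: Set[str] = set()
    for ev in trace:
        api, arg = ev["api"], ev["arg"]
        if api in FILE_WRITE_APIS:
            dropped.add(_norm(arg))
            if _norm(arg).startswith(SYSTEM32_PREFIX):
                hits["Drops file in System32 directory"].append(arg)
        elif api == "CreateProcessW" and _norm(arg) in dropped:
            hits["Executes dropped EXE"].append(arg)
        elif api in IMAGE_LOAD_APIS and _norm(arg) in dropped:
            hits["Loads dropped DLL"].append(arg)
        elif api in REG_WRITE_APIS and RUN_KEY_RE.search(arg):
            hits["Adds Run key to start application"].append(arg)
        elif api in REG_READ_APIS:
            if UNINSTALL_KEY_RE.search(arg):
                hits["Checks installed software on the system"].append(arg)
            elif GEO_KEY_RE.search(arg):
                hits["Checks computer location settings"].append(arg)
    return dict(hits)


# Constructed trace: file names are placeholders, not indicators from
# the report. The last two calls are benign noise that must not fire.
SAMPLE_TRACE = [
    {"api": "NtWriteFile", "arg": r"C:\Windows\System32\dropped.exe"},
    {"api": "NtWriteFile", "arg": r"C:\Windows\System32\dropped.dll"},
    {"api": "CreateProcessW", "arg": r"C:\WINDOWS\system32\DROPPED.EXE"},
    {"api": "LoadLibraryW", "arg": r"C:\Windows\System32\dropped.dll"},
    {"api": "RegSetValueExW",
     "arg": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped"},
    {"api": "RegOpenKeyExW",
     "arg": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "RegQueryValueExW",
     "arg": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "CreateProcessW", "arg": r"C:\Windows\System32\notepad.exe"},
    {"api": "RegQueryValueExW",
     "arg": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The point of the `dropped` set is the difference between "executes an EXE" and "Executes dropped EXE": only the correlation with an earlier write turns an ordinary process launch into a signature hit, and the same state feeds "Loads dropped DLL". Path comparison goes through `ntpath.normcase` so that a launch of `DROPPED.EXE` still matches the lower-case write, which is how a sample on Windows would see it.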

    • Target

      www.satnet.biz/Oktagon Softcam link www.satnet.biz.htm

    • Size

      8KB

    • MD5

      138366e862b24e5035119c5272d57aa3

    • SHA1

      8035b85bfffa0591d3cc19f98c1140d5feb19f06

    • SHA256

      eab287387197e7b5a78c0cb673ff8719d2059558918e5117f8b0fd052dc106b5

    • SHA512

      30c78ce65fe6658a56e9b94e743f73ef8f9e08a72b786d8837258f98298a05bb784e9435a8912dac7e6eabddebfb32cda92f779cacf0c861661b14082a23fb50

    • SSDEEP

      192:eCfy4AbY5z5gnn8AkABPaXf27Nuz0A0YC3yZvOZvbWN8ewMXnF:eCfV+Y5z5VAkABKWKUYKyRORb0jpXnF

    Score
    3/10
    • Target

      www.satnet.biz/SITE.url

    • Size

      233B

    • MD5

      5386dfdd6c7a3185f0ed2ba9082341e8

    • SHA1

      9cab1dbe483152a388c7d62558f6cfcfe96a003b

    • SHA256

      74633429d252ae10317f7f3d25b29e5e06729b89b6e8ba78bc3e0dfecf4acb8e

    • SHA512

      40d35c57a6656f964e67c722af23f18d57c04ce4a44c963b4201c040d68315e6b85c49f5ba8906cd24ac1b7f3efa08ed3faaa2fce62b32aaa2801134e4f12e69

    • Target

      www.satnet.biz/www.satnet.biz.htm

    • Size

      8KB

    • MD5

      bbbc11fe2fb99945a31891db430aec4d

    • SHA1

      6ccac25da18165960595a7be1a6e38ccc9325a3b

    • SHA256

      c2f6115c0a32d861bb0b4feb7daec8bc796237617d2ade992bdd745a9f741a6e

    • SHA512

      831de84570511a363e3fae8c0fa61e0d30a56127e957f960a772c4b90d2ce1091f3a7187a82f7ba6b61e08ae735889e67df5dc82bc0fc61f4effaa803c863c0c

    • SSDEEP

      192:Dafy4TY5z5gnn8AkABN5Xf27Nuz0A0YC3yZvOZvbWN8e2+XnF:DafVTY5z5VAkABDWKUYKyRORb0j2+XnF

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks