General
-
Target
4427053e2df1e1c9cb7ef7b3131c097d2676d279805c9e620053d19efe1c6469
-
Size
785KB
-
Sample
221002-lafmvaacfj
-
MD5
67904ceebc2d60baafb73f3c119e9be1
-
SHA1
b85396b8a67fb469fa001a1070bbb0ba90f9607e
-
SHA256
4427053e2df1e1c9cb7ef7b3131c097d2676d279805c9e620053d19efe1c6469
-
SHA512
b0c58bd6e94b444714b64b667a7342800c06d188c20f627acbc33ef5531baec0e3c6b3cf5a3c102b0f2be1fdb5661a7418407f7a4d18f746d04bf830c463cafe
-
SSDEEP
12288:JEXQ9t3S0sq3tz4ekl996E4iISTf9i4eQoEpTHbUERQziIvBo+dC6F8APV0lJqjC:kCt3XER99lf6QoEp7bKznBvM6v+lY2
Malware Config
Targets
-
-
Target
4427053e2df1e1c9cb7ef7b3131c097d2676d279805c9e620053d19efe1c6469
-
Size
785KB
-
MD5
67904ceebc2d60baafb73f3c119e9be1
-
SHA1
b85396b8a67fb469fa001a1070bbb0ba90f9607e
-
SHA256
4427053e2df1e1c9cb7ef7b3131c097d2676d279805c9e620053d19efe1c6469
-
SHA512
b0c58bd6e94b444714b64b667a7342800c06d188c20f627acbc33ef5531baec0e3c6b3cf5a3c102b0f2be1fdb5661a7418407f7a4d18f746d04bf830c463cafe
-
SSDEEP
12288:JEXQ9t3S0sq3tz4ekl996E4iISTf9i4eQoEpTHbUERQziIvBo+dC6F8APV0lJqjC:kCt3XER99lf6QoEp7bKznBvM6v+lY2
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-