General
Target: 475a18d343b1bf374dd244cde93e05d11f1e152afda0d0174dda990ff7c50adc
Size: 674KB
Sample: 221002-td3ksaded7
MD5: 7035c7e580440f49a9c218f44996255d
SHA1: d52d94dbc07e7a0dbf3890fa4a2cdd851e1937a9
SHA256: 475a18d343b1bf374dd244cde93e05d11f1e152afda0d0174dda990ff7c50adc
SHA512: 3cd94363d1748da679d34180bc4838a3967306644ad7611c378a37f7ccc8d79df7bf8e2b12ec8bd5f94032e0e0403df3c3ca4f55747e682edc88dc2db8a4e9ba
SSDEEP: 12288:S3TdtLW5WIj1YSSdFx1s1PB25vBSXyMzBUWb9lx/9AgHLo8OW+rB8:sDsj1dECp8pBcJ9nPx/igrp+q
Static task: static1
Behavioral task: behavioral1
Sample: 475a18d343b1bf374dd244cde93e05d11f1e152afda0d0174dda990ff7c50adc.exe
Resource: win7-20220812-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: 475a18d343b1bf374dd244cde93e05d11f1e152afda0d0174dda990ff7c50adc
- Ardamax main executable
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory