General
-
Target
f8e4854190daf75006cba8ba80504a82f8a3d6127f10f6dd39dd0aeba042ef53
-
Size
540KB
-
Sample
221123-lrvhbsfe5x
-
MD5
6d56dc4983053ac5d03ab260a218b299
-
SHA1
bbbb3ba43904b41a442c22b59a2f3492957aa0a6
-
SHA256
f8e4854190daf75006cba8ba80504a82f8a3d6127f10f6dd39dd0aeba042ef53
-
SHA512
7603cb624fb1a3304e8f8a2576d635308ac788b2a6472aa12b0971cd99f55ef8c3fc67c9c58c313512639a1012968896319d87f15845afe5e5d91d9d82ea9555
-
SSDEEP
12288:EdCsfdZ7Bc8rnImOt07DvvBHVqOO6f9G1AkpLKxAhTTGv2q:EPO8r3QgrzqOnfgGSA6TSO
Malware Config
Targets
-
-
Target
f8e4854190daf75006cba8ba80504a82f8a3d6127f10f6dd39dd0aeba042ef53
-
Size
540KB
-
MD5
6d56dc4983053ac5d03ab260a218b299
-
SHA1
bbbb3ba43904b41a442c22b59a2f3492957aa0a6
-
SHA256
f8e4854190daf75006cba8ba80504a82f8a3d6127f10f6dd39dd0aeba042ef53
-
SHA512
7603cb624fb1a3304e8f8a2576d635308ac788b2a6472aa12b0971cd99f55ef8c3fc67c9c58c313512639a1012968896319d87f15845afe5e5d91d9d82ea9555
-
SSDEEP
12288:EdCsfdZ7Bc8rnImOt07DvvBHVqOO6f9G1AkpLKxAhTTGv2q:EPO8r3QgrzqOnfgGSA6TSO
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-