ardamax | 001288a0433a4f7f7773e6a6eb6239a2833a248c1c22a51536d2e999826d32b3 | Triage

Sharing

General

Target

001288a0433a4f7f7773e6a6eb6239a2833a248c1c22a51536d2e999826d32b3
Size

2.2MB
Sample

221125-sy293sge36
MD5

b4ad074a8cc0932332dd435c4ec3052e
SHA1

1654e08d948b9a78d54bb143f49acc1dd088835d
SHA256

001288a0433a4f7f7773e6a6eb6239a2833a248c1c22a51536d2e999826d32b3
SHA512

80adc6c39e1f227f4e3ec02333f4ecdbaa06391757e0b27fa3927fea772a13bfb1192b132766cd9f860389c5c41f500b60b94c2c437e32689cdf3b45761472a4
SSDEEP

49152:WuWek/PEyYF3YyKbYuWP1Cv+9iw7ejivqrt5PmZSoaXUHQ16:QXqe8xP1ri865PIaXZ16

Score

10^/10

ardamax keylogger persistence stealer

Malware Config

Targets

- Target
  
  001288a0433a4f7f7773e6a6eb6239a2833a248c1c22a51536d2e999826d32b3
- Size
  
  2.2MB
- MD5
  
  b4ad074a8cc0932332dd435c4ec3052e
- SHA1
  
  1654e08d948b9a78d54bb143f49acc1dd088835d
- SHA256
  
  001288a0433a4f7f7773e6a6eb6239a2833a248c1c22a51536d2e999826d32b3
- SHA512
  
  80adc6c39e1f227f4e3ec02333f4ecdbaa06391757e0b27fa3927fea772a13bfb1192b132766cd9f860389c5c41f500b60b94c2c437e32689cdf3b45761472a4
- SSDEEP
  
  49152:WuWek/PEyYF3YyKbYuWP1Cv+9iw7ejivqrt5PmZSoaXUHQ16:QXqe8xP1ri865PIaXZ16
Score

10^/10

ardamax keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ardamaxkeyloggerpersistencestealer

behavioral2

ardamaxkeyloggerpersistencestealer