General
- Target: 117b2ac36f492c84908be7d29c6a3ccff688165c62fdb59ab225bc4e1d473fce
- Size: 782KB
- Sample: 221127-bs1evsac34
- MD5: 6235e86206172b8a91311bf68d6cd1a2
- SHA1: 7df36b145da957647e488edfc4778524cc0b6709
- SHA256: 117b2ac36f492c84908be7d29c6a3ccff688165c62fdb59ab225bc4e1d473fce
- SHA512: ec993866acf7e297347e16f9311647769b1f699085c62326a153df8e22cd1290981c5bcace32857d8422f74df2174f4dbbf1bebce2431b4c3b7a934428e12ea1
- SSDEEP: 12288:y3TdtLW5WIj1YSSdFxFUI78DvBSXyMzBUWb9lx/9AgHLo8OW+rB:MDsj1dE1BYTBcJ9nPx/igrp+
Static task: static1
Behavioral task: behavioral1
- Sample: 117b2ac36f492c84908be7d29c6a3ccff688165c62fdb59ab225bc4e1d473fce.exe
- Resource: win7-20221111-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
- Target: 117b2ac36f492c84908be7d29c6a3ccff688165c62fdb59ab225bc4e1d473fce
- Size: 782KB
- Ardamax main executable
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory