General

  • Target: f45bc2bba1b99f3e0bf16c368d0701d4530525f98a439ed9995d3f2187d87644
  • Size: 1.1MB
  • Sample: 221206-vtdf9sgd32
  • MD5: e3b5e3fabd7a111f99370e689772d627
  • SHA1: f410042edf27ce22758d806eb9e2172aec92a97e
  • SHA256: f45bc2bba1b99f3e0bf16c368d0701d4530525f98a439ed9995d3f2187d87644
  • SHA512: af665d55d78e686825aa4910d9a1c59b16b5eb8563716048a3a07bb7aeb365d72746e2fa910cdabeda95b884552b145a5b5c1f629e3adb096bf4e2fd5821f60d
  • SSDEEP: 24576:5ZxTV3uWFp7nxW9ehwc92mJV8i9+hbWE+LGi6NB5kH7yj/nVC5Gp0lgW7v:5XTVt5/9bJRstHaPuBU7yhCF

Malware Config

Targets

    • Ardamax: a keylogger first seen in 2013.
    • Ardamax main executable
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely to geofence execution.
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks