General

  • Target

    542411c9a1b0bd18643f9fd5465cb0d2

  • Size

    490KB

  • Sample

    240111-v32v8adfa5

  • MD5

    542411c9a1b0bd18643f9fd5465cb0d2

  • SHA1

    e39654b4c510ef6f664c9a2878a579441eea6187

  • SHA256

    c26394ba0e53004927c9b95c99751b098ce84e3b1a259f362e088ef6f9401011

  • SHA512

    c16dcbfc4cd557531722bc1c2b638c93b417f5894b3661c930cae85905851664c6e55cc882f603c3fb22430a050aeb11ecd4732658bc129fe2096b4cb305c43e

  • SSDEEP

    12288:FQ0huqmZCe/jn0rQQLYZFjsd2fn4AlU5mUeS2qSJhL9HZEJ:1huq6C70M2fBlU439N5EJ

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks