General

  • Target

    55a0c7c649451a740555a80532ae6d97

  • Size

    1.2 MB

  • Sample

    240112-f9yptagce8

  • MD5

    55a0c7c649451a740555a80532ae6d97

  • SHA1

    cecda04f5b555bca7854f2b607a0f326c1f36e8f

  • SHA256

    5d2d6480ceace58def3b1e0cd88f30c1453a2cffc114b02fb1097dca08bcf7b2

  • SHA512

    31f979594967cf6342e7bb8eb50c8e339a90d9eb8c86cd84d38f6d27bb40605f29783dbc641323fe87d5421c04887c6370041def88fab5f772f56e148e223c68

  • SSDEEP

    24576:+64MVTHQeRx/j+ta7f6axjhCM2auMowBpSjSGxkRL7tCjR+wBcX:+64MTwmx/j+t6yaxjhCMeMowWjQ9tCVf

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks