General

  • Target

    56f745ec74b5e44fb9c806f585b179d7

  • Size

    558KB

  • Sample

    240112-t7c7zsbgfp

  • MD5

    56f745ec74b5e44fb9c806f585b179d7

  • SHA1

    b271cc8b1ad4038fe5541bace72f914a5286b8e4

  • SHA256

    eccee6212fd908aa3223509bc9dc84de255cef6086b092ebb1d7c123c52bcad3

  • SHA512

    b0ff898d5791388f3c447b02d243804a6d8576ee8ad212830c59a1f16007a864d8db20be1d91bc50cf26449a88b988961853551c9ea6a46fd48a5217da1fc208

  • SSDEEP

    12288:1SVuJMsUDwJ8WuTyucQFryVAtHMmbwIocn8l1YHqmG:Ws2DWuc6eVAtsgdocn8wHqp

Malware Config

Targets

    • Target

      56f745ec74b5e44fb9c806f585b179d7

    • Ardamax

      A commercial Windows keylogger that is widely repurposed by malware; this sandbox's signature dates its first sighting to 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates subkeys under the registry Uninstall key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list software installed on the system.
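
The behaviour signatures above are derived from the registry activity the sandbox observed. The following is an added example, not code from the original report or from any sandbox product, showing how three of those signatures can be re-derived from a registry-access trace. The trace lines are constructed (assumed `process|operation|path` format, sample process names and value names are made up), and the matching rules are this example's own approximation of how such signatures fire; only the key paths are real Windows locations.

```python
import re

# Map long hive names onto the short forms used in the rules below.
HIVES = {
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
}

# Signature rules (this example's own approximation of the sandbox's logic):
# signature name, registry operations that count, regex on the normalized key path.
RULES = [
    ("Adds Run key to start application",
     {"RegSetValue"},
     r"^HK(CU|LM)\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(ONCE)?\\[^\\]+$"),
    ("Checks installed software on the system",
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
     r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)"),
    ("Checks computer location settings",
     {"RegQueryValue"},
     r"^HKCU\\CONTROL PANEL\\INTERNATIONAL\\(SCOUNTRY|ICOUNTRY|LOCALENAME)$"),
]
COMPILED = [(name, ops, re.compile(pat, re.IGNORECASE)) for name, ops, pat in RULES]

# Constructed trace in an assumed "process|operation|path" format. The last line
# is a benign reader of the Run key and must not trigger the Run-key rule.
TRACE = """\
sample.exe|RegOpenKey|HKEY_CURRENT_USER\\Control Panel\\International
sample.exe|RegQueryValue|HKEY_CURRENT_USER\\Control Panel\\International\\sCountry
sample.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
sample.exe|RegSetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
explorer.exe|RegQueryValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive
""".splitlines()


def normalize_path(path):
    """Canonicalize a registry path: backslashes only, short hive name, no trailing separator."""
    path = path.replace("/", "\\").rstrip("\\")
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + sep + rest


def parse_line(line):
    """Split one trace line into (process, operation, normalized path)."""
    process, operation, path = line.split("|", 2)
    return process, operation, normalize_path(path)


def match_signatures(lines):
    """Return {signature name: [(process, operation, path), ...]} for every rule that fired."""
    hits = {}
    for line in lines:
        if not line.strip():
            continue
        process, operation, path = parse_line(line)
        for name, ops, rx in COMPILED:
            if operation in ops and rx.search(path):
                hits.setdefault(name, []).append((process, operation, path))
    return hits


if __name__ == "__main__":
    for name, events in match_signatures(TRACE).items():
        print(name)
        for process, operation, path in events:
            print(f"  {process} {operation} {path}")
```

Operation filtering is what keeps the Run-key rule from firing on the benign `explorer.exe` read: persistence is a write to the key, while reading it is routine. A real trace would also carry the written value data, which is where the path of the dropped executable would be found.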

MITRE ATT&CK Enterprise v15

Tasks