General

  • Target

    5b5d88c6590b95e58fcac42b9da9cddd

  • Size

    1.4MB

  • Sample

    240114-qs7w9sbgf9

  • MD5

    5b5d88c6590b95e58fcac42b9da9cddd

  • SHA1

    2ca375a003aec2bb480b119c627b605aaf661ad8

  • SHA256

    4a890791b704f5748e9be66f5b3f9e21dc85683f7df4c79498fea4e77e8aaa1c

  • SHA512

    de31a78d14bcb744dcd9e327e049e55c1feb4f7e2334ae83b06d08487d0d7dae3d419eac7028b9bf25decd07790b2b4e06c31e7a569ea3f931e2b36535e5bc9e

  • SSDEEP

    24576:Rd8tgh8HUFdihkpMONi909HC0aYaC2MeZ5WhUS/05P3ihxGQtdP3L4hXWDYjub41:D8+yHEcKXU+aYaC2s/05fi6SwXWDYjeM

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a ...\Software\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM) so the keylogger is relaunched at every logon; this is the sample's persistence mechanism.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its Wow6432Node and HKCU counterparts) to list installed software, a common way to fingerprint the host and spot security products or analysis tools.

    • Drops file in System32 directory
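
The Run-key persistence and dropped-executable behaviours above map directly onto a host triage check: export the Run keys, resolve each autostart target, hash the file and compare it with the hashes in this report. The script below is an added example, not the sandbox's own tooling or part of Ardamax; the .reg text, the value and file names (svc32.exe and so on) and the scratch file are constructed for the demonstration, and only the digests in IOC_HASHES come from the report.

```python
"""Triage helper: parse a `reg export` of the Run keys, resolve each autostart
target, hash it and compare with the hashes from this report.

Added example, not the sandbox's own tooling.  SAMPLE_REG, the file names and
the scratch file are constructed; only IOC_HASHES come from the report.
"""
import hashlib
import os
import re
import tempfile

# Hashes of the analysed sample, copied from the report (lower-case hex).
IOC_HASHES = {
    "md5": "5b5d88c6590b95e58fcac42b9da9cddd",
    "sha1": "2ca375a003aec2bb480b119c627b605aaf661ad8",
    "sha256": "4a890791b704f5748e9be66f5b3f9e21dc85683f7df4c79498fea4e77e8aaa1c",
}

# Path fragments a standard user can write to: a cheap first filter.  The
# report's sample drops into System32 instead, which is why the hash check
# below matters as well.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
AUTORUN_KEYS = ("run", "runonce")
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".dll")

# Constructed .reg export (assumption): two HKCU values and one HKLM value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Windows\\System32\\svc32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Program Files\\Windows Defender\\MSASCuiL.exe"
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg files escape backslashes and embedded quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a .reg dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def command_target(cmd):
    """Best-effort extraction of the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: grow the path token by token until it ends in an executable
    # extension, so "C:\Program Files\x.exe /arg" resolves to the full path.
    tokens = cmd.split(" ")
    for i in range(1, len(tokens) + 1):
        cand = " ".join(tokens[:i])
        if cand.lower().endswith(EXEC_EXTS):
            return cand
    return tokens[0]


def hash_file(path):
    """MD5/SHA1/SHA256 of a file, streamed so large droppers are fine."""
    hashes = {n: hashlib.new(n) for n in IOC_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            for h in hashes.values():
                h.update(chunk)
    return {n: h.hexdigest() for n, h in hashes.items()}


def triage_run_keys(reg_text, iocs=IOC_HASHES, resolve=lambda p: p):
    """One finding per Run/RunOnce value.  `resolve` maps the Windows path in the
    registry to a local path, so an export plus collected files can be checked
    from any analysis box."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key.lower().rsplit("\\", 1)[-1] not in AUTORUN_KEYS:
            continue
        for name, cmd in values.items():
            target = command_target(cmd)
            flags = []
            if any(frag in target.lower() for frag in USER_WRITABLE):
                flags.append("user-writable-path")
            if not cmd.startswith('"') and " " in target:
                flags.append("unquoted-path-with-spaces")
            local = resolve(target)
            hashes = hash_file(local) if os.path.isfile(local) else {}
            if any(hashes.get(algo) == digest for algo, digest in iocs.items()):
                flags.append("ioc-hash-match")
            findings.append({"key": key, "name": name, "target": target,
                             "hashes": hashes, "flags": flags})
    return findings


def make_scratch_file(data):
    """Write constructed bytes to a temp file and return its path (demo only)."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Stand-in for a collected copy of the dropped file; not the real sample.
    scratch = make_scratch_file(b"MZ constructed stand-in")
    found = triage_run_keys(
        SAMPLE_REG, resolve=lambda w: scratch if w.lower().endswith("svc32.exe") else w)
    for f in found:
        print(f"{f['name']:<15} {f['target']}  flags={f['flags']}")
```

On a live host the same logic runs against `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM key) with `resolve` left as the identity; the path heuristics only shortlist, and the hash comparison against the report's digests is what confirms this particular sample.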

MITRE ATT&CK Enterprise v15

Tasks