General

  • Target

    5c6dc9dcf8154528c0aeda70250dc3dc

  • Size

    5.8MB

  • Sample

    240115-hrdb9sbchl

  • MD5

    5c6dc9dcf8154528c0aeda70250dc3dc

  • SHA1

    75244326ebcde49e4822c2f60d75e566d0d1671a

  • SHA256

    e1665aa8cbebe7973af2c8989c9e4ac3324403a59d1fd9e25326b90618b2ffcf

  • SHA512

    e2e8c4fcf44bb9caa4fac9120e38f558809982e5351a3d77a3ba8f5d5628ddf7ca4440489dcc1a79ccc8a85aeda9ef7a86e1e0cfa6194d80a0447765ad67ba14

  • SSDEEP

    98304:/rzlCX/406AFE5YrQLZSFrXyEAobFvFzYGzK5UBtG6zPt7rG0vZV84fnOij/wrcp:DRD0HYYrQerXjhk4BtfzPt7r3V8mwDM9

Targets

    • Target

      5c6dc9dcf8154528c0aeda70250dc3dc

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect 1.3x-1.4x.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Drops file in System32 directory
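The three packer signatures above (ACProtect, ASPack, UPX) are the kind of static check a practitioner can reproduce from the PE section table alone. The following is an added example, not the sandbox's own signature logic: it parses only the DOS header, COFF header and section table of a PE image with the standard library, then maps well-known section names to packers. The name-to-packer mapping (UPX0/UPX1/UPX2, .aspack/.adata, .perplex) is an assumption for this example, and build_minimal_pe only constructs a header-only sample so the parser can be exercised offline.

```python
"""Packer heuristic from PE section names (added example, not part of the
sandbox report). The section-name mapping is an assumption for this example."""
import struct

# Section names each packer is assumed (for this example) to leave behind.
PACKER_SECTION_MARKERS = {
    "UPX": ("UPX0", "UPX1", "UPX2"),
    "ASPack": (".aspack", ".adata"),
    "ACProtect": (".perplex",),
}


def pe_section_names(data: bytes) -> list[str]:
    """Return section names of a PE image, parsing only the headers needed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, opt_size = struct.unpack_from("<xxH12xH2x", data, coff)
    sections_off = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = sections_off + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]              # Name is the first 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def detect_packers(data: bytes) -> list[str]:
    """Return the packers whose assumed section markers appear in the image."""
    names = pe_section_names(data)
    return [
        packer
        for packer, markers in PACKER_SECTION_MARKERS.items()
        if any(n == m for n in names for m in markers)
    ]


def build_minimal_pe(section_names: list[bytes]) -> bytes:
    """Constructed sample: DOS header + PE32 headers + section table, no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    optional = b"\0" * opt_size
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for layout in ([b"UPX0", b"UPX1", b".rsrc"], [b".text", b".aspack", b".adata"], [b".text", b".data"]):
        sample = build_minimal_pe(layout)
        print(pe_section_names(sample), "->", detect_packers(sample) or "no known packer")
```

Section names are a cheap first pass only: packers can rename sections, and a high-entropy section with a tiny import table is the more robust signal. Treat a hit here as a reason to unpack, not as a verdict.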
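The behavioural signatures above ("Drops file in System32 directory", "Executes dropped EXE", "Loads dropped DLL") are correlations over endpoint telemetry rather than static checks. The following added example, not the sandbox's own logic, shows that correlation over Sysmon-style events: FileCreate (EventID 11) records which paths a process wrote, and later ProcessCreate (1) and ImageLoad (7) events are matched against those paths. The event records are constructed for this example; the field names loosely follow Sysmon's schema but the values are made up.

```python
"""Correlate dropped-file events with later execution and DLL loads
(added example, not the sandbox's own logic). Events are constructed."""

# Constructed Sysmon-style records, already in timestamp order.
# id 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad.
EVENTS = [
    {"id": 11, "pid": 1234, "image": r"C:\Users\victim\Downloads\setup.exe",
     "target": r"C:\Windows\System32\winupd.exe"},
    {"id": 11, "pid": 1234, "image": r"C:\Users\victim\Downloads\setup.exe",
     "target": r"C:\Windows\System32\winupd.dll"},
    {"id": 11, "pid": 1234, "image": r"C:\Users\victim\Downloads\setup.exe",
     "target": r"C:\Users\victim\AppData\Local\Temp\note.txt"},
    {"id": 1, "pid": 5678, "parent_pid": 1234,
     "image": r"C:\Windows\System32\winupd.exe"},
    {"id": 7, "pid": 5678, "image": r"C:\Windows\System32\winupd.exe",
     "loaded": r"C:\Windows\System32\winupd.dll"},
    {"id": 7, "pid": 5678, "image": r"C:\Windows\System32\winupd.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll"},
]

SYSTEM32 = "c:\\windows\\system32\\"


def norm(path: str) -> str:
    """Case-fold Windows paths so drops and loads compare equal."""
    return path.lower()


def correlate(events):
    """Return (signature, pid, path) findings in the order they are observed."""
    dropped = {}    # normalised path -> pid of the first process that wrote it
    findings = []
    for ev in events:
        if ev["id"] == 11:
            target = norm(ev["target"])
            dropped.setdefault(target, ev["pid"])
            if target.startswith(SYSTEM32):
                findings.append(("drops_file_in_system32", ev["pid"], ev["target"]))
        elif ev["id"] == 1 and norm(ev["image"]) in dropped:
            # A process started from a path some earlier process wrote.
            findings.append(("executes_dropped_exe", ev["parent_pid"], ev["image"]))
        elif ev["id"] == 7 and norm(ev["loaded"]) in dropped:
            findings.append(("loads_dropped_dll", ev["pid"], ev["loaded"]))
    return findings


def signatures(events) -> list[str]:
    """Distinct signature names triggered by the event stream."""
    return sorted({name for name, _, _ in correlate(events)})


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(*finding)
    print("signatures:", signatures(EVENTS))
```

Two caveats when moving this from a sandbox trace to production telemetry: events must be processed in timestamp order, or an execution can be seen before the drop that explains it; and the "Checks computer location settings" signature cannot be reproduced this way, because Sysmon records registry writes (EventIDs 12 to 14) but not the registry reads a geofence check performs.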

MITRE ATT&CK Enterprise v15