General

  • Target

    5d3a9843c2775f441d85ab36684ff9ea

  • Size

    2.2MB

  • Sample

    240115-qyvtwshga5

  • MD5

    5d3a9843c2775f441d85ab36684ff9ea

  • SHA1

    dbf84cc5928dfdd65f4a6abb6d95092cee3c23ab

  • SHA256

    6f3a33d89c99cfc5086c058a867cfa376927a56afe529049b88bf1d1ee2cc3c3

  • SHA512

    7235026cfee7b887279c5ee4d144776243a05da005b414392374091a75428022313b27b7e02601577293bc8d33f77c90ef7dedc84efe6dc0945cc89b9ab16fa2

  • SSDEEP

    49152:J3tTv6qN8HFQtS1fm3N9iyJO+oaxaSCO5cNKh1WTUWBxsvwSnGHZ:JJ6qN8lQQpm90iozBKh1OhxK7GH

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to discover which software is installed on the system.

    • Drops file in System32 directory
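
The behaviours listed above can be hunted for in your own telemetry. The following is an added example written for this page, not code from the sandbox report or from the Ardamax sample: it runs a few detection rules over a constructed, sandbox-style API trace (registry queries and writes, file creates, process creates and image loads). The process IDs, file names and registry paths in the trace are invented, the choice of `Control Panel\International\Geo` as the country-code location is my assumption about how the "location settings" check is implemented, and the ATT&CK technique IDs are my mapping, not one the report states.

```python
"""Hunt for the behaviours this report lists in sandbox-style telemetry."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed trace, shaped like a sandbox API/registry/file log. Not the
# report's own data: PIDs, file names and registry paths are invented.
SAMPLE_EVENTS = [
    {"type": "reg_query", "pid": 100,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_enum", "pid": 100,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_create", "pid": 100,
     "path": r"C:\Windows\System32\demo_drop.exe"},
    {"type": "file_create", "pid": 100,
     "path": r"C:\Windows\System32\demo_hook.dll"},
    {"type": "reg_set", "pid": 100,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\demo",
     "value": r"C:\Windows\System32\demo_drop.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\demo_drop.exe"},
    {"type": "image_load", "pid": 200,
     "image": r"C:\Windows\System32\demo_hook.dll"},
    # Benign noise that must not fire any rule.
    {"type": "reg_query", "pid": 300,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
    {"type": "file_create", "pid": 300,
     "path": r"C:\Users\demo\Documents\notes.txt"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
SYSTEM32_DIR = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    name: str                 # behaviour name, phrased as the report phrases it
    technique: Optional[str]  # ATT&CK id where the mapping is clear (my mapping)
    evidence: str


def analyze(events):
    """Return one Finding per event that matches a behaviour from the report."""
    findings = []
    dropped = {}  # lower-cased path of every file the trace saw written -> writer pid
    for ev in events:
        kind = ev["type"]
        path = ev.get("path") or ev.get("image") or ""
        if kind == "reg_query" and GEO_KEY.search(path):
            findings.append(Finding("Checks computer location settings", "T1614", path))
        elif kind in ("reg_query", "reg_enum") and UNINSTALL_KEY.search(path):
            findings.append(Finding("Checks installed software on the system", "T1518", path))
        elif kind == "reg_set" and RUN_KEY.search(path):
            findings.append(Finding("Adds Run key to start application", "T1547.001",
                                    f"{path} = {ev.get('value', '')}"))
        elif kind == "file_create":
            # Remember every write so later executes/loads can be tied back to it.
            dropped[path.lower()] = ev["pid"]
            if SYSTEM32_DIR.match(path):
                findings.append(Finding("Drops file in System32 directory", None, path))
        elif kind == "process_create" and path.lower() in dropped:
            findings.append(Finding("Executes dropped EXE", None,
                                    f"{path} (written by pid {dropped[path.lower()]})"))
        elif kind == "image_load" and path.lower() in dropped:
            findings.append(Finding("Loads dropped DLL", None,
                                    f"{path} into pid {ev['pid']}"))
    return findings


def behaviour_names(events):
    """Distinct behaviour names in first-seen order, for comparison with a report."""
    seen = []
    for f in analyze(events):
        if f.name not in seen:
            seen.append(f.name)
    return seen


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.name:<40} {f.technique or '-':<10} {f.evidence}")
```

The dropped-file map is what turns two weak signals (a file write, a process start) into the stronger "executes what it just dropped" finding; the same join works on Sysmon FileCreate and ProcessCreate events if you key on the full path. The geofence and Uninstall rules only see registry reads, which endpoint telemetry usually does not record, so those two are realistically sandbox-only checks.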

MITRE ATT&CK Enterprise v15
