General

  • Target

    5e89d07a1fbeff15a09cb8586e3b254c

  • Size

    807KB

  • Sample

    240116-a8t3caahd8

  • MD5

    5e89d07a1fbeff15a09cb8586e3b254c

  • SHA1

    3883afa8cb87fc34bcd1a77d7a2d7a9f4b983b47

  • SHA256

    3729eb59c1480efa7bd1dfa3d76b4d694df56cb2f1d287e4b94cd270dc3482bf

  • SHA512

    d9bda323d25726a56973de3e869bfb91c9d63cd192724f4e3d59df5407e2b3b055a8a72e206cea0cee15ae083b622b74f0289a62a959ed083c93053c127ae10d

  • SSDEEP

    24576:CvKooHRhkpE37BXwRX47kZULL8cmxTa49u:CSFHRKUXMo7iRBTZE

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks