General

  • Target

    7971306282c59532f74e328ee03eb632

  • Size

    6.4MB

  • Sample

    240127-gklvdsgahq

  • MD5

    7971306282c59532f74e328ee03eb632

  • SHA1

    3ed32bc0bd3265569427559fc71a7a355a2e9c6d

  • SHA256

    b645cbdd50cd9f593d3fdd8e26c6c00b5f0e41f5a8f5fe19fa00bc68d76abbff

  • SHA512

    56ef1dcfaab0634a070d761bfe3ca59f8b1354566fb5177e89270c4072cfabdcc08b399818d6503c8f6834e0b0cd61249fb4880d4bf80b1f0c911558e5a2a95a

  • SSDEEP

    196608:gNZtKfMWn2jLYfNbykvXt/NY1uMb/uZDoeNY4nci:gjEn23YfNbPuKpoOyi

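The digests above identify the submitted archive, and the per-target listings further down give the same set for each file inside it. To confirm that a copy of the sample on disk is the one this report describes, compare every algorithm rather than one, since a disagreement between algorithms points at a transcription error or a deliberate collision. The following Python is an added example, not the sandbox's own tooling: it hashes a directory tree and matches each file against the MD5/SHA1/SHA256/SHA512 values listed on this page; the directory argument is assumed to be wherever the sample was extracted, and SSDEEP is left out because the standard library has no implementation of it.

```python
"""Match files on disk against the digests listed in this report.
Added example (not the sandbox's code); the scan root is an assumption."""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report: the archive and the three files it contains.
REPORT_DIGESTS = {
    "archive 7971306282c59532f74e328ee03eb632": {
        "md5": "7971306282c59532f74e328ee03eb632",
        "sha1": "3ed32bc0bd3265569427559fc71a7a355a2e9c6d",
        "sha256": "b645cbdd50cd9f593d3fdd8e26c6c00b5f0e41f5a8f5fe19fa00bc68d76abbff",
        "sha512": "56ef1dcfaab0634a070d761bfe3ca59f8b1354566fb5177e89270c4072cfabdcc08b399818d6503c8f6834e0b0cd61249fb4880d4bf80b1f0c911558e5a2a95a",
    },
    "IDM-LIFE-TIME-PATCH/IDM-Life.Time.Patch.exe": {
        "md5": "61981e458a1dd680cfbb571a29c1f4fb",
        "sha1": "1993d6ffc5d5b19ab76aa25f81b85f10a53da5bc",
        "sha256": "0f92a3768964f4455566b121e2163c5644534da98e7f25a6ac56d70c1788c2c7",
        "sha512": "f24a28c3097cf302e6b758dcadc75353e09f32b9c9bca78a8c1cfd8020c8204d6c8be57abe3e087cb2e1f26bf17817d8ec8edf035401c0617fa9894315fa6577",
    },
    "IDM-LIFE-TIME-PATCH/idman607.exe": {
        "md5": "a66d6c88d73aa81efeb53aafb69b6c76",
        "sha1": "56761b05fd8f512d785f3c21af15e727c5deabfc",
        "sha256": "165e4bfb1c7bf464c2783c6b21f741be6020105db12f6827984e066a8b1256c9",
        "sha512": "e11faca945c32c6bb24efa92c98fabbe7574933f4cec23bb625495e7283dae10df00e518083bd8696588d0c5a7246c396625ce9e4bd721865b144cec3e4c3313",
    },
    "www.4Teach.com.url": {
        "md5": "62135077e8f2141e65f1e4b454956593",
        "sha1": "d2d377c8036faa945b887070c4a5f97d3e76afa1",
        "sha256": "37bdacbad1d00212daa00e67510afe9101bc1ca900bdcbf2e2454312c063584b",
        "sha512": "5eef1aefddd6f85b39c98a1b29746b56d89f75f62ca37ed3b6e83c292eb83852636710b2f3e7ab5922c67d5717287e2eac2e0b33635f464b68b4d7ee21ee09d7",
    },
}


def digest_bytes(data: bytes) -> dict:
    """All four digests of an in-memory buffer."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path, chunk_size=1 << 20) -> dict:
    """All four digests of a file, streamed so large samples do not need to fit in RAM."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_report(digests: dict):
    """Return (name, consistent). A file that agrees on some algorithms but not
    all is returned with consistent=False so it is checked by hand, not trusted."""
    for name, ref in REPORT_DIGESTS.items():
        agree = [a for a in ALGOS if digests.get(a) == ref[a]]
        if agree:
            return name, len(agree) == len(ALGOS)
    return None, False


def scan_directory(root) -> dict:
    """Map each matching file path under root to its (report name, consistent)."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            name, ok = match_report(digest_file(p))
            if name:
                results[str(p)] = (name, ok)
    return results


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # assumed extraction directory
    for path, (name, ok) in scan_directory(root).items():
        status = "all digests agree" if ok else "PARTIAL match, verify by hand"
        print(f"{path}: {name} ({status})")
```

Run it against the extraction directory; a file reported as a partial match should not be treated as the sample until the disagreeing digest has been recomputed and compared with the report by hand.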
Malware Config

Targets

    • Target

      IDM-LIFE-TIME-PATCH/IDM-Life.Time.Patch.exe

    • Size

      2.2MB

    • MD5

      61981e458a1dd680cfbb571a29c1f4fb

    • SHA1

      1993d6ffc5d5b19ab76aa25f81b85f10a53da5bc

    • SHA256

      0f92a3768964f4455566b121e2163c5644534da98e7f25a6ac56d70c1788c2c7

    • SHA512

      f24a28c3097cf302e6b758dcadc75353e09f32b9c9bca78a8c1cfd8020c8204d6c8be57abe3e087cb2e1f26bf17817d8ec8edf035401c0617fa9894315fa6577

    • SSDEEP

      49152:kpmLSK/1ElMTzYA+gS3fXvfp1DErK8XdfiiGSwNRzrwN8xR:kclOeT/S3f/st4S+uNg

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Target

      IDM-LIFE-TIME-PATCH/idman607.exe

    • Size

      4.3MB

    • MD5

      a66d6c88d73aa81efeb53aafb69b6c76

    • SHA1

      56761b05fd8f512d785f3c21af15e727c5deabfc

    • SHA256

      165e4bfb1c7bf464c2783c6b21f741be6020105db12f6827984e066a8b1256c9

    • SHA512

      e11faca945c32c6bb24efa92c98fabbe7574933f4cec23bb625495e7283dae10df00e518083bd8696588d0c5a7246c396625ce9e4bd721865b144cec3e4c3313

    • SSDEEP

      98304:gkeU55pjqYVWGqOTgUKqrNx8fgERdUnrMBB0X6oYsST7bV5UBjSaXRVVlgJwWtH:l75pj3oGpgY5x8fjdUrM6jAajlPX9WtH

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      www.4Teach.com.url

    • Size

      208B

    • MD5

      62135077e8f2141e65f1e4b454956593

    • SHA1

      d2d377c8036faa945b887070c4a5f97d3e76afa1

    • SHA256

      37bdacbad1d00212daa00e67510afe9101bc1ca900bdcbf2e2454312c063584b

    • SHA512

      5eef1aefddd6f85b39c98a1b29746b56d89f75f62ca37ed3b6e83c292eb83852636710b2f3e7ab5922c67d5717287e2eac2e0b33635f464b68b4d7ee21ee09d7

    • Score

      6/10

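The signature names under the two PE targets above (the location check, the Run key, the Uninstall enumeration, the System32 drop, and executing or loading dropped files) are what the sandbox emits after matching events from the run against its rules. The following Python is an added example, not the sandbox's own signature code: it replays a constructed event trace and raises the same signature names, so the logic behind each bullet is visible. The trace format, the exact registry path assumed for the location check (`HKCU\Control Panel\International\Geo\Nation`), and the file and value names in the trace are all assumptions, not data from this run.

```python
"""Replay a sandbox-style event trace and flag the behaviours named in the
report above. Added example, not the sandbox's own signature code: the trace
format and the exact registry paths are assumptions."""
import re

# Constructed trace (not from the run above), one event per line:
#   <pid> <operation> <path>[ = <data>]
SAMPLE_TRACE = """\
1200 WriteFile C:\\Users\\user\\AppData\\Local\\Temp\\drop.exe
1200 WriteFile C:\\Users\\user\\AppData\\Local\\Temp\\drop.dll
1200 CreateProcess C:\\Users\\user\\AppData\\Local\\Temp\\drop.exe
1304 LoadLibrary C:\\Users\\user\\AppData\\Local\\Temp\\drop.dll
1304 LoadLibrary C:\\Windows\\System32\\kernel32.dll
1304 RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation
1304 RegEnumKey HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1304 WriteFile C:\\Windows\\System32\\hooklog.dll
1304 RegSetValue HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater = C:\\Users\\user\\AppData\\Local\\Temp\\drop.exe
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<op>\w+) (?P<path>[^=]+?)(?: = (?P<data>.*))?$")


def parse_trace(text):
    """Turn the trace text into a list of {pid, op, path, data} dicts."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            events.append(ev)
    return events


# Registry and filesystem locations the signatures key on (assumed). Matching is
# case-insensitive and by suffix/substring so hive spelling does not matter.
GEO_KEY = "\\control panel\\international\\geo\\nation"
UNINSTALL_KEY = "\\currentversion\\uninstall"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
SYSTEM32 = "c:\\windows\\system32\\"


def evaluate(events):
    """Return the set of report signature names the trace triggers."""
    dropped = set()   # every path some process in the trace wrote to disk
    hits = set()
    for ev in events:
        op, path = ev["op"], ev["path"].lower()
        if op == "WriteFile":
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif op == "CreateProcess" and path in dropped:
            # only a binary the trace itself wrote counts as "dropped"
            hits.add("Executes dropped EXE")
        elif op == "LoadLibrary" and path in dropped:
            hits.add("Loads dropped DLL")
        elif op == "RegQueryValue" and path.endswith(GEO_KEY):
            hits.add("Checks computer location settings")
        elif op in ("RegQueryValue", "RegEnumKey") and UNINSTALL_KEY in path:
            hits.add("Checks installed software on the system")
        elif op == "RegSetValue" and any(k in path for k in RUN_KEYS):
            hits.add("Adds Run key to start application")
    return hits


if __name__ == "__main__":
    for sig in sorted(evaluate(parse_trace(SAMPLE_TRACE))):
        print("HIT:", sig)
```

The point worth keeping from this is the `dropped` set: "Executes dropped EXE" and "Loads dropped DLL" are only meaningful relative to files the run itself created, which is why the `kernel32.dll` load in the constructed trace is not flagged while the load of `drop.dll` is.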
MITRE ATT&CK Enterprise v15

Tasks