General

  • Target

    80049891c0070c6b8f3c0a08e6b13808

  • Size

    341KB

  • Sample

    240129-rch4mschal

  • MD5

    80049891c0070c6b8f3c0a08e6b13808

  • SHA1

    41a5733e46db48299acee063127be0574ff37f54

  • SHA256

    e5213f30aae396aa26326565a3baf243675769980db242a69565617d233099b9

  • SHA512

    344d34770a679e77118fdf491a03685bb7963d20604bfbcc44f6f69b07ae0120d2209682c215f20645322cf2dcb171bb3948d38c5c435fcd93f57b48e167972d

  • SSDEEP

    6144:Fov6iKKjQJGjEH5WqvmlahXz/hMLUqswiu803uspOYKB1AbdBX96AEIlg+0WHLtw:6hKKkJd5nmshjpMLL+u80TvK3aXh1g+s

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks