General

  • Target

    VirusShare-005bac8eebeef9b7ad5b9cd7c2f7cc31

  • Size

    611KB

  • Sample

    240202-2axjcsbgej

  • MD5

    005bac8eebeef9b7ad5b9cd7c2f7cc31

  • SHA1

    e542c11e4d96465c751385e1c6e54724bf89882e

  • SHA256

    86e004c6719c4825b8ed8bb1c8fd69789e5b6b0d6cb6a0ced644b829da12a6ed

  • SHA512

    1c86c425525818f212a05b3603ab776cb231ab29bd402262f6dbab0679c80b6fb4685bb84bc3a4a5a78e94373ac6afcc56b4a176c8745015e57075ada234ea3d

  • SSDEEP

    12288:GGnhcIbSWjP9Zj1Ob8Vd5d0BwizaHKVGka0oOSElDbHeVm:7nPb9HRZPmwi0KVJbSWek

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.