General

  • Target

    88a7d23cc3923564640e1c6fb4b73716

  • Size

    1.2MB

  • Sample

    240202-fzpddsefe3

  • MD5

    88a7d23cc3923564640e1c6fb4b73716

  • SHA1

    68e89fce81f7d0a45a9fd82b8779bc85ea0f5210

  • SHA256

    41eb872174aec322bd4ead6f8305461a62dbcdd3cf0ef46065c8ac585c7509e8

  • SHA512

    83d67dbe5092662737cc8a36f1713844da22e4b2cf15379aadc8eadab74f00b56a854af8cb01a5ca110c56fcc5d09cc6db48f37f6447b1d46d1bf999c0c9d779

  • SSDEEP

    24576:EzwTT6d0kiV20le7KEBMd4jekVX5cT3x7T8MbqyTI1cG6M30vF+:Ez+ThkHDOajekbgBz/uc56

Malware Config

Targets

    • Target

      88a7d23cc3923564640e1c6fb4b73716

    • Size

      1.2MB

    • MD5

      88a7d23cc3923564640e1c6fb4b73716

    • SHA1

      68e89fce81f7d0a45a9fd82b8779bc85ea0f5210

    • SHA256

      41eb872174aec322bd4ead6f8305461a62dbcdd3cf0ef46065c8ac585c7509e8

    • SHA512

      83d67dbe5092662737cc8a36f1713844da22e4b2cf15379aadc8eadab74f00b56a854af8cb01a5ca110c56fcc5d09cc6db48f37f6447b1d46d1bf999c0c9d779

    • SSDEEP

      24576:EzwTT6d0kiV20le7KEBMd4jekVX5cT3x7T8MbqyTI1cG6M30vF+:Ez+ThkHDOajekbgBz/uc56

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks