General

  • Target

    8d55fe3871a7105aaed36f4547ac5781

  • Size

    1.3MB

  • Sample

    240203-zt9lxsceej

  • MD5

    8d55fe3871a7105aaed36f4547ac5781

  • SHA1

    a48e5fbc2aa6abcad9098a99041a8fa4f2e0ceff

  • SHA256

    62f9c71d8c21f51348e828d995789ddc56939a4b234871e995d0df17938b205a

  • SHA512

    6e218234300ac22b0835bd46889db3d54482d28e83e4c6b9a39a273c464df9864017372465b3a67bd5c352729a306aaa81db025de8b335617003d08cbf383e97

  • SSDEEP

    24576:vITTaRq4t2oZdH6LPdXY5raqk0aia3NoZwGL68oZaEGBvp6B46jQzwUvN:v6TaRLvZ8L1XY5XKiw4L68ODGtky6zk

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks