General
-
Target
c8ecc83a7423aa7c2252369a45f890a1
-
Size
1.2MB
-
Sample
240314-shb3ysfb6w
-
MD5
c8ecc83a7423aa7c2252369a45f890a1
-
SHA1
b591df5e9532b38cfd90f327da8847af98be5b6a
-
SHA256
ddf89f6e251a28472613d44bfebfc659f77f80e4506a02014ff0ddecb5b31192
-
SHA512
092cafd6c399d51b42d53bf3d8a896d6f9ccff8b8ea7811227e66bda6578d2d6028f8fa29dcad11aee13f6b35cd56f36551671aaa3bd40be4ffe9b91ee4bdb02
-
SSDEEP
24576:564MVTDhkLK6Eg5VCQKfq6TE/CT46X/HpInKQwVHGYrb1M6Srkreezad:564MTdluVCQMrT2k46vHIgwYri6SYHe
Malware Config
Targets
-
-
Target
c8ecc83a7423aa7c2252369a45f890a1
-
Size
1.2MB
-
MD5
c8ecc83a7423aa7c2252369a45f890a1
-
SHA1
b591df5e9532b38cfd90f327da8847af98be5b6a
-
SHA256
ddf89f6e251a28472613d44bfebfc659f77f80e4506a02014ff0ddecb5b31192
-
SHA512
092cafd6c399d51b42d53bf3d8a896d6f9ccff8b8ea7811227e66bda6578d2d6028f8fa29dcad11aee13f6b35cd56f36551671aaa3bd40be4ffe9b91ee4bdb02
-
SSDEEP
24576:564MVTDhkLK6Eg5VCQKfq6TE/CT46X/HpInKQwVHGYrb1M6Srkreezad:564MTdluVCQMrT2k46vHIgwYri6SYHe
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-