General

  • Target

    d0b79024ee020cd655a34c63511867ff

  • Size

    350KB

  • Sample

    240317-m7myvsch78

  • MD5

    d0b79024ee020cd655a34c63511867ff

  • SHA1

    5283dd4baad7404b71bfd121bd9e115bb9f49ab1

  • SHA256

    8e90ab7c2d6e906ff2d714f787c6ae0222f1871b409105b68d2c7ee529cebf74

  • SHA512

    edcd45d64b2058587cf5bb94f7e3fa7c445b6da7cb63758cb1641ec5ea86e2614279392d686ffbd7c7b01c6475cf3a9f3409c4897bd9bc3ec1810b872161a2f7

  • SSDEEP

    6144:mZuuObR8sVImcyY5ytxByUMMebyGCnwoVNFZoknfovnVFHt9zIS+lwm5qOw:tV+mz3WUebaNjovVFHN+lwJ5

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry; likely a geofence, so the sample can behave differently (or not run) depending on the configured region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
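The five behaviours listed above are what a sandbox derives from the raw registry, file and process trace of the sample. The following is an added example, not the sandbox's own code and not the sample's, that rebuilds those signatures from a constructed trace so the mapping from raw events to signature names is explicit; the event format, the PIDs, paths and file names are invented for illustration. The one generalisation beyond the page is that it also treats RunOnce keys and the NLS Locale key as persistence and location checks respectively.

```python
import re
from collections import defaultdict

# Constructed sandbox trace, one event per line: "<pid> <operation> <target>".
# PIDs, paths and file names are invented; they are not observations from
# the sample described above.
TRACE = r"""
1000 ProcessCreate C:\Users\victim\Desktop\sample.exe
1000 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1000 RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1000 FileWrite C:\Users\victim\AppData\Local\Temp\dropped.exe
1000 FileWrite C:\Users\victim\AppData\Local\Temp\helper.dll
1000 ProcessCreate C:\Users\victim\AppData\Local\Temp\dropped.exe
1001 ImageLoad C:\Users\victim\AppData\Local\Temp\helper.dll
1001 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1001 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

# Registry locations behind each signature (case-insensitive, any hive).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)          # autostart persistence
GEO_KEY = re.compile(r"\\Control Panel\\International\\|\\Nls\\Locale", re.I)  # GeoID / locale
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)  # installed-software list


def parse_trace(text):
    """Turn the text trace into (pid, operation, target) tuples.

    The target may contain spaces (e.g. 'Control Panel'), so only the first
    two fields are split off."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, op, target = line.split(maxsplit=2)
        events.append((int(pid), op, target))
    return events


def classify(events):
    """Map raw events to the signature names used on the page.

    Returns {signature name: [evidence targets]}.  'Dropped' means a file the
    traced processes wrote themselves; executing or loading one of those is
    what distinguishes the dropped-EXE/DLL signatures from ordinary
    process creation and image loads."""
    hits = defaultdict(list)
    dropped = set()
    for pid, op, target in events:
        key = target.lower()
        if op == "FileWrite":
            dropped.add(key)
        elif op == "ProcessCreate" and key in dropped:
            hits["Executes dropped EXE"].append(target)
        elif op == "ImageLoad" and key in dropped and key.endswith(".dll"):
            hits["Loads dropped DLL"].append(target)
        elif op == "RegSetValue" and RUN_KEY.search(target):
            hits["Adds Run key to start application"].append(target)
        elif op == "RegQueryValue" and GEO_KEY.search(target):
            hits["Checks computer location settings"].append(target)
        elif op in ("RegEnumKey", "RegOpenKey", "RegQueryValue") and UNINSTALL_KEY.search(target):
            hits["Checks installed software on the system"].append(target)
    return dict(hits)


def report(text=TRACE):
    """Convenience entry point: signatures for a trace, sorted by name."""
    return dict(sorted(classify(parse_trace(text)).items()))


if __name__ == "__main__":
    for name, evidence in report().items():
        print(name)
        for target in evidence:
            print("   ", target)
```

The ProductName read at the end of the trace is deliberately left unmatched: a single benign registry query should not trip any of these signatures, and keeping such negative cases in the trace is the cheapest way to catch overly broad patterns when the regexes are tuned.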
