ardamax | f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9 | Triage

Sharing

General

Target

f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9
Size

1.7MB
Sample

240413-dsf3bsah28
MD5

61929454e676a70007a6c5c3ac3cd6eb
SHA1

4ab14feaa6a48c51ddacc26fa4b413882c908f20
SHA256

f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9
SHA512

1d1ce809fde313f38e100e312e65eb7c70924e36e09c1829a95efab7eecf14cedf38d0834252b81d123fab2ac30824aeeafb2067ca94962a5b8175796f709f55
SSDEEP

24576:Tf+k29Hj7FoYIba9AMLJwMLIZCvFppMCJxMfjCGchGWcsYV3zihNOXLJcQHbijIe:Tx2zoUhesA0FXM6Mfj3iXMFcQHKemP

Score

10^/10

ardamax keylogger stealer upx

Malware Config

Targets

- Target
  
  f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9
- Size
  
  1.7MB
- MD5
  
  61929454e676a70007a6c5c3ac3cd6eb
- SHA1
  
  4ab14feaa6a48c51ddacc26fa4b413882c908f20
- SHA256
  
  f4ed82101d7f7ba519079ea91d3a4c18d974d72ccc0dd63747c33b0aeedb82b9
- SHA512
  
  1d1ce809fde313f38e100e312e65eb7c70924e36e09c1829a95efab7eecf14cedf38d0834252b81d123fab2ac30824aeeafb2067ca94962a5b8175796f709f55
- SSDEEP
  
  24576:Tf+k29Hj7FoYIba9AMLJwMLIZCvFppMCJxMfjCGchGWcsYV3zihNOXLJcQHbijIe:Tx2zoUhesA0FXM6Mfj3iXMFcQHKemP
Score

10^/10

ardamax keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AccessControl.dll
- Size
  
  8KB
- MD5
  
  9f1a88b953fd2a2c23b09703b253186c
- SHA1
  
  29d5a5a24e7f782a07e9f5d2ec1d1a6218fec737
- SHA256
  
  8a8f5bafc105186c85f14e017ab6da33ae8f88a9635e51756f90b6d95381d80d
- SHA512
  
  10b3a812c92b7324bddcd23adf923fcaec2532f31bdd9fbf17494fc33f99aa0a0a48b94f1fdd6599fa0189567626a90b324a1d132bf9cb8b00a6afc547e64018
- SSDEEP
  
  192:RmcLe8uWVNz5ZalBK/7rUlYg5q5LcywvX5:RJdNzMKXUlYg5qPq5
Score

9^/10

upx
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/CallAnsiPlugin.dll
- Size
  
  3KB
- MD5
  
  c8ff7c87b591958cb1970a7d89b9839f
- SHA1
  
  9d34a40b574eabd6bd321c976a13ab0f4d0ef236
- SHA256
  
  2703314a0d03377c6774dad865c292d4808bc4f748871f16f142c09527c5e617
- SHA512
  
  30a0cbefced3d1d044067e188fedb1137b1734c237ed9ffe52c009c46600ec081610e2e861074eacd5bb6252e20136bd13a800ce5704b39d2978571766dec13f
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/DcryptDll.dll
- Size
  
  14KB
- MD5
  
  904beebec2790ee2ca0c90fc448ac7e0
- SHA1
  
  40fabf1eb0a3b7168351c4514c5288216cb1566d
- SHA256
  
  f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222
- SHA512
  
  8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa
- SSDEEP
  
  192:apY9VuCnNCbs8dNyHdrvr5T1KEtx/9ehuhiDTUkSv/DxRyeHk51I7n13Xm:aptMNUjyVvGWxauhiDDS3DnyK7nF
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  0d45588070cf728359055f776af16ec4
- SHA1
  
  c4375ceb2883dee74632e81addbfa4e8b0c6d84a
- SHA256
  
  067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
- SHA512
  
  751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
- SSDEEP
  
  192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score

3^/10
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  c5b9fe538654a5a259cf64c2455c5426
- SHA1
  
  db45505fa041af025de53a0580758f3694b9444a
- SHA256
  
  7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
- SHA512
  
  f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa
- SSDEEP
  
  96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN
Score

3^/10
behavioral15 behavioral16
- Target
  
  Uninstall.exe
- Size
  
  54KB
- MD5
  
  bb4c8549a67b898f86b7d0238b6a5bbf
- SHA1
  
  c772d8d8df704a29b914d62b3cae619b2613cee0
- SHA256
  
  a205001713f20e7f40c3ca99ef8420e7f25aa3f30dc12da9da4bb59481d1fabc
- SHA512
  
  6b7f76d0b82ca6b2edad1e53b52966c594fa45969a0941a145bb7df326a1bf74fcd8e8a5d59587b6da9b0512251908400eb4c496a961987349fec53b81a172f5
- SSDEEP
  
  768:/nYYHhho+VUkSko1SJvs8evqUlwPSGiVKu0plz1iqc5rQ9NCC1VhsL0adHZ2ysN7:QYHhhDWkSkWIGq4wjiKu0P16Gl1Vh71
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral19 behavioral20
- Target
  
  lzma.exe
- Size
  
  63KB
- MD5
  
  1c4d758c0954e843d2fa22703f653421
- SHA1
  
  d577e6f63cb53f5f68f094b9fbaefe5b0087e933
- SHA256
  
  f776415281ed68268577142b60839d0937c112be1ba0fb8470f5a387afc3ba62
- SHA512
  
  5b8c02473b8f57d243cac5ae1f5381a9a1dbd55bc976a172f36060b2d0c2ad80d4f956cd38d4ba7434b9b27583e0e753bcdb8b4772c1c54e926b365c90357c3e
- SSDEEP
  
  1536:ax7F8DW6pErklzKbDir++/McTJctWOrLRCIbDO+9a:akDWTrMKb2MFQCRCIe+4
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ardamaxkeyloggerstealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22