ardamax | adde6e34140cc3acf1db7a9c26e503c08a2bf26f3672223e6c03b819bcdb769a | Triage

Sharing

General

Target

19158ae2a3d096968a419aae6e617f88_JaffaCakes118
Size

473KB
Sample

240628-g2sn9svfjd
MD5

19158ae2a3d096968a419aae6e617f88
SHA1

620aca9d737fc3a76f68644f1dcdc0ebf215a6a8
SHA256

adde6e34140cc3acf1db7a9c26e503c08a2bf26f3672223e6c03b819bcdb769a
SHA512

d778be538539b875627224971b8723d204c448d01edb7090914a4138213fc5dcff44384284c198047dcf9c6c4050b0113da1af4271f4c6e4c81e13bdc3ae61bd
SSDEEP

12288:w9tHK7KpaXoSiRd1E5twlkACXFQp/oRbhQD5azSG:mx3p0oSEd1EfwlkACVQp/0a6SG

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  KeyGen/KeyGen.exe
- Size
  
  72KB
- MD5
  
  cf6390f897fea2720592f0d241a7d1ad
- SHA1
  
  7ef114fc872a364397e4503589b077b97fefb7e9
- SHA256
  
  245b702bea258a87840f8a5b47878db5befb1d91d8f46ea06cedb0bfd8641975
- SHA512
  
  59a857086db9db255df439ef4e16c3b4f3ca5aec328a7fba97003c0b5cfdab7f7e26d66dd893ad9b54e5c82f59daa2d7b4a91fc59a07a9c6868feb30930bbab5
- SSDEEP
  
  1536:LmdBep0BSMg3awepZ399m8yd38OAHR+JMTIjQbn:CdBeiBSMgqwu59y6BD
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  416KB
- MD5
  
  fbec76ff02f3b666c781e81aa791378f
- SHA1
  
  d882341f89758f988c30f15bf77b31f9f50b609c
- SHA256
  
  29e2d0595fdbcd69c5fc944fb30d4c30e57c1d0ad2f481b834df052213b8101f
- SHA512
  
  c80ab15f2d4871694fbf058c4e14c5b355565d4f410b1a09fb3b7ca1a0f9144ea2e88f164f6bd3abd6e923ee2e48ce7d3b76bc8ad3eb221eba0cae4830e72a3d
- SSDEEP
  
  6144:j8PPGkHiQVDCC2XQIRnn8x5oxMSolJZ1t/uRlp+FQtGLqDLGl42I1+BzuIrdMTVt:WGui0cganSomJlJ/t/8WFkUYM6sBEBDR
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  b3ebe1cb6bdd529302c121dd4e2e0d00
- SHA1
  
  305f022e7e3ef0ae6cdc5f18bd6adc3032f64304
- SHA256
  
  5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2
- SHA512
  
  6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a
- SSDEEP
  
  384:7Klm7i+c3QW6ckPhyDEaLnu2bbBBIXwZ:mqi8BcyhEhLjbbTI
Score

3^/10
behavioral5 behavioral6
- Target
  
  AKV.exe
- Size
  
  390KB
- MD5
  
  5ac8fe2c346b4e69ee80ad2f4bf43be8
- SHA1
  
  2829276ab92288b959f2ae92e9618e75443477d2
- SHA256
  
  94cbf88aca6f061118a7c38a34d1d08a9e78e870924f60270ef6d5be318f9f50
- SHA512
  
  9406a0cc7342ceb5ecab8e1ab32b325be0bd21e22bdc446f1d36d049463888592a415c424bb44c2e6ab5a92644c73f4a555e3cf7e5fc2feacdb86ea1ca4d501e
- SSDEEP
  
  6144:Iq4wPzwerB7q57bEux7/5Lx5v5EWK/GVSNxhHI:x4la7qYutZx5Gi
Score

1^/10
behavioral7 behavioral8
- Target
  
  IWM.003
- Size
  
  4KB
- MD5
  
  2bbb6ffc878515a79478917c5af03a9c
- SHA1
  
  52532ea393f3a623c05b2cd72a205da41f152c29
- SHA256
  
  23c8cc69783ab663e036fb0d15c01b3863ff898d5534fa1d02f16c291863f3a5
- SHA512
  
  be8846674af43f20501e6fe59fbd369d7393e79970ab1a4fc7c516c491939f575c5e07a1cd284287e8663d1ca2f4e6663839a79f798a7453ecd30bb0fbdcc464
Score

3^/10
behavioral10 behavioral9
- Target
  
  IWM.004
- Size
  
  14KB
- MD5
  
  3e226efcd41cb65746dc69668fc230c7
- SHA1
  
  a93e40bcd8a04e1ef9a24550f37618de29dd2ee6
- SHA256
  
  9dd8620e84e349c39029b9ff3d289cd09463896d3f8f59acaea56f6bcfba91f5
- SHA512
  
  d99f81c500cf04b7ef6d48a7d4f2b6080b7f4c6107253736a1c3b1f9e5ede745be28da25b4f8670a22b182c195dac372cf2dbb840b21a8dba05529acbf8dcbec
- SSDEEP
  
  384:GwTB3XaCh/MZ3dy/AdpNscMkXTWkEyWZ0TN99fOq:GeB3XaCh/xGpJ5NW6TNLfx
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral11 behavioral12
- Target
  
  IWM.006
- Size
  
  7KB
- MD5
  
  a08026db7b86f2ba69f6317a4a66778b
- SHA1
  
  6afe5979a1ef3ee8b94b6ef4a6bf8a70d641bf62
- SHA256
  
  90c1300aaa05d24a32f9d01824c611742a10c2bb3e0450504b62282ab658e2f5
- SHA512
  
  059d6abdb37800f7673d116a0e9a4d2f3e8e7d955a402ef91ca97cf24f3c29121dc36c54599511ac0e04cd2b1467e30fb7b2563e42e2fe43e71560816902207e
- SSDEEP
  
  192:H6h3mYkZiIX1gY1chCCRZ8cRyD6pxSydx:avNYiY1qa6pjdx
Score

1^/10
behavioral13 behavioral14
- Target
  
  IWM.007
- Size
  
  5KB
- MD5
  
  49e240cd2e8fe880e177e208aaf8feea
- SHA1
  
  54e9ee5a7523148542113ee654f00ea13d3ca3d7
- SHA256
  
  f1b86ba7a2c3aa753966cc67bc5efb4e4badb670b6a0e56ffcfdcbbc379108fc
- SHA512
  
  e92efd1d0ab3249d6c93b32af0885e22726421055bff36dcf64d307ef2f8aaf2dd06c221342bd5e2a1fadb5d61ac284cd39750cdf1134fd530ba9ff1744d965f
- SSDEEP
  
  48:6gklbEwQo80EE/KD4XJ2zlN03t4octKoPIIaiFcBakgkHRf2r:6gSEDDM+N03O9cowIaihsHRf2r
Score

1^/10
behavioral15 behavioral16
- Target
  
  IWM.chm
- Size
  
  33KB
- MD5
  
  67fd8e4e2a9fa895a52e557123dfddd9
- SHA1
  
  f47cd5ac70a620654af79911e85e5aa158ffbf41
- SHA256
  
  6a8c2a8901326b3106ad806393a45b5e1fd6616c133ac503457b4a44a4bf82fa
- SHA512
  
  764f01b5385bebfd666d62e10895bda8479eddfce264a63ef85322ad069877947356c3d2de6518f7ff00db96fb1b38273432ab04bd59b37fb89cbe25e9fd77f1
- SSDEEP
  
  768:n3fscCfTSjb0O+TJPHjnKFZi4LHnX1OgG8p4/HWkWplk:n3fscCfTcg1eXJjw8pKnUk
Score

1^/10
behavioral17 behavioral18
- Target
  
  IWM.exe
- Size
  
  477KB
- MD5
  
  db4d88b22f173a37c34477abeea6a789
- SHA1
  
  11c42d2d445c01a408ad947d48927fe2b370aa8c
- SHA256
  
  251cd62057ee822ad0139fddadd88945ef0951af715eea17ac5faa4b25e17a55
- SHA512
  
  67501ecf3b474536c3ae0cf68d49672b108b3b509a229f2a8bd4126e2f67228c93e2bbb78379de7dac3bbff6f7495d1d1aeffebb3fa5f8c7a0e29eaac4bce23e
- SSDEEP
  
  6144:lW6/r7TNvlFVbv4uiB8Wq0997DP/qV+N32kAb:V/rvvFV/88WF0b
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral19 behavioral20
- Target
  
  Uninstall.exe
- Size
  
  44KB
- MD5
  
  c3f1317f54f69e507c266c2c44c0d330
- SHA1
  
  135fcbd71ac7ce7a5d4225c06c390113f2b8ac42
- SHA256
  
  f5a60e2e460a4ab1bb244fbdb86ff1b7cbd4b0cc9f1851d9920edbda91cd65c0
- SHA512
  
  e700c6c24ef333929d953ab507511f7a407c84998fa7ecae3aaaf498564879c49cf5746f4a60df1ce6818e68ec4ca92388806b57cc475ef6391ff506e89794d2
- SSDEEP
  
  768:2QSYaefDRwYxmDTR9RAdJF4cZqF86eWkJ6ls4iWSjbJsa3bPv:jjae1wYxmBBoskJt4XSjbJs4L
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  qs.html
- Size
  
  1KB
- MD5
  
  40d00fa24b9cc44fbf2d724842808473
- SHA1
  
  c0852aa2fb916c051652a8b2142ffb9d8c7ac87a
- SHA256
  
  35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035
- SHA512
  
  9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c
Score

1^/10
behavioral23 behavioral24
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

discoverypersistence

behavioral12

discoverypersistence

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

discoverypersistence

behavioral20

discoverypersistence

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26