General

  • Target

    eab9a92809bca189e256f27f58a24aea2e1bdee24087900c5f5a45ae7e74f359

  • Size

    2.2MB

  • Sample

    240723-es5w5axdrn

  • MD5

    40f4b3a32d975136e0b53d207005a98e

  • SHA1

    8125ee809bd39247220c70e6695b031da478d749

  • SHA256

    eab9a92809bca189e256f27f58a24aea2e1bdee24087900c5f5a45ae7e74f359

  • SHA512

    0059497d7e72ee5d3721e0e424212c5d5d3f1f97b87441ebe08cf4b32ee0a184a76c1d32951a29e043f92fd4ad6e60f97832fd6d78b9d57fcd9d9ca7d93729b0

  • SSDEEP

    49152:ZXFEH/VBJ+b1XSRyYgkpdxRlzHSt75YOiJOTifHmGSnb/ES9JVbDbms1m:TEH/VBMhXSRyJkpdNzy1eOitTiwSrVLm
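Before working with a local copy of this sample, a practitioner checks it against the digests listed above, so the notes below are known to describe the file in hand. The following is an added example (not part of the report or the sandbox's own tooling): it recomputes MD5, SHA-1, SHA-256 and SHA-512 with Python's standard hashlib and reports any mismatch, and it splits the SSDEEP signature into its block size and chunk strings. The ssdeep helper implements only the block-size rule of the ssdeep algorithm (two signatures are only scored against each other when their block sizes are equal or differ by a factor of two), not its edit-distance scoring; the function and constant names are this example's own.

```python
import hashlib

# Digests copied from the report above; a local copy must reproduce all of them.
REPORTED = {
    "md5": "40f4b3a32d975136e0b53d207005a98e",
    "sha1": "8125ee809bd39247220c70e6695b031da478d749",
    "sha256": "eab9a92809bca189e256f27f58a24aea2e1bdee24087900c5f5a45ae7e74f359",
    "sha512": "0059497d7e72ee5d3721e0e424212c5d5d3f1f97b87441ebe08cf4b32ee0a184a"
              "76c1d32951a29e043f92fd4ad6e60f97832fd6d78b9d57fcd9d9ca7d93729b0",
}
REPORTED_SSDEEP = ("49152:ZXFEH/VBJ+b1XSRyYgkpdxRlzHSt75YOiJOTifHmGSnb/ES9JVbDbms1m"
                   ":TEH/VBMhXSRyJkpdNzy1eOitTiwSrVLm")

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: bytes) -> dict:
    """Return lowercase hex digests of data, keyed the same way as REPORTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_sample(data: bytes, reported: dict) -> dict:
    """Compare computed digests with the reported ones.

    Returns {algorithm: (reported, actual)} for every mismatch; an empty dict
    means the bytes match on every algorithm the report lists.
    """
    actual = digest_all(data)
    return {
        algo: (value.lower(), actual[algo])
        for algo, value in reported.items()
        if algo in actual and actual[algo] != value.lower()
    }


def verify_file(path: str, reported: dict = REPORTED) -> dict:
    """Read a file from disk and run verify_sample on its contents."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), reported)


def parse_ssdeep(signature: str) -> tuple:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts."""
    parts = signature.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must contain exactly two ':' separators")
    return int(parts[0]), parts[1], parts[2]


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """True when ssdeep would score the two signatures at all.

    ssdeep only compares signatures whose block sizes are equal or differ by
    exactly a factor of two; anything else scores 0 without a comparison.
    """
    block_a, _, _ = parse_ssdeep(sig_a)
    block_b, _, _ = parse_ssdeep(sig_b)
    return block_a == block_b or block_a == 2 * block_b or block_b == 2 * block_a


if __name__ == "__main__":
    import sys
    mismatches = verify_file(sys.argv[1]) if len(sys.argv) > 1 else {}
    for algo, (expected, got) in mismatches.items():
        print(f"{algo}: reported {expected}, computed {got}")
    print("ok" if not mismatches else "MISMATCH")
    print("ssdeep block size:", parse_ssdeep(REPORTED_SSDEEP)[0])
```

Run it as `python verify.py <path-to-sample>`; any line printed before the final status names a digest that does not match, which usually means the copy was modified, truncated, or is a different file altogether. A block size of 49152 on this sample means an ssdeep match is only worth attempting against files whose signature starts with 24576, 49152 or 98304.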

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the sample behaves differently depending on the victim's locale.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Adds Run key to start application

      Creates a value under a Run registry key so the application is launched again at user logon (persistence).
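One way to follow up the last signature on an infected host is to export the Run keys and look for entries that start something from a location a normal user can write to. The following is an added example (not part of the report or the sandbox's own detection logic): it parses a `.reg` export of `HKCU`/`HKLM` Run and RunOnce keys and flags entries whose executable lives under AppData, Temp, ProgramData, Public or Downloads, or whose file name imitates a Windows system binary outside the Windows directory. The registry export embedded below is constructed for this example; the value names and paths in it are illustrative and are not taken from this sample.

```python
import re

# Constructed .reg export (not from the sandbox run): two benign autostarts and two
# entries of the kind a dropped keylogger leaves behind.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"ServiceUpdate"="C:\\Users\\victim\\AppData\\Roaming\\ServiceUpdate\\svcupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\svchost.exe"
'''

# Directory markers (lowercase, backslash-delimited) that an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")
# Names of Windows binaries that malware commonly borrows; legitimate copies live under \Windows\.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

RUN_KEY_RE = re.compile(r"\\(run|runonce)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def _unescape(value: str) -> str:
    """Undo .reg string escaping: a backslash quotes the following character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _exe_path(command: str) -> str:
    """Extract the executable path from a Run value (quoted, or unquoted up to '.exe')."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.search(r"^(.*?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ")[0]


def find_suspicious_run_entries(reg_text: str) -> list:
    """Return [{key, name, path, reasons}] for autostart entries that merit a look."""
    findings = []
    current_key, in_run_key = None, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            in_run_key = bool(RUN_KEY_RE.search(line))
            continue
        if not in_run_key:
            continue
        match = VALUE_RE.match(line)
        if not match:
            continue
        name, command = match.group(1), _unescape(match.group(2))
        path = _exe_path(command)
        low = path.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("executable lives in a user-writable directory")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append({"key": current_key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for entry in find_suspicious_run_entries(SAMPLE_REG):
        print(f"{entry['key']}\\{entry['name']} -> {entry['path']}: {'; '.join(entry['reasons'])}")
```

On a real host, produce the input with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM equivalent) and feed the file's text to `find_suspicious_run_entries`; `reg export` writes UTF-16, so open it with that encoding. A hit only says the entry deserves inspection: compare the flagged file's hashes against the report above before drawing a conclusion.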
