General

  • Target

    d70981a07b9cb09a0ee1b300f2944cdf6c8ce3f0c048c702c9b319b1e9903168

  • Size

    886KB

  • Sample

    240725-dxxwmsyeqf

  • MD5

    8e508541ecff247bb9723f4163450d0c

  • SHA1

    30636a219b5e6bdaab7584fad1da0d4812c1fbe6

  • SHA256

    d70981a07b9cb09a0ee1b300f2944cdf6c8ce3f0c048c702c9b319b1e9903168

  • SHA512

    99931222f1a052e17f176535008eebb10cfe4da3a03699dabb5a9d311f9f9644aaceffcd6706fbf8780ed260586d6dabf1e50b0810f8051dc6bfc50a3fbfcaaa

  • SSDEEP

    24576:86rTs85pFZueI+rpehK26zNOXtnSAVz0NNJ:8Cs85prRI+rpeY2eNOXxl0NNJ

Targets

    • Target

      d70981a07b9cb09a0ee1b300f2944cdf6c8ce3f0c048c702c9b319b1e9903168

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code from the locale settings stored in the registry (the user's Control Panel\International keys), most likely as a geofence so the keylogger can stay dormant in regions the operator wants to avoid.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

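The three registry-based signatures above (location check, installed-software enumeration, Run-key persistence) are all recognisable from the registry events a sandbox records. The following is an added example, not part of the Triage report and not Ardamax code: it classifies constructed registry events into those signatures using the well-known Windows key paths for each behaviour. The event records, the GUID subkey and the value names ("Updater", "OneDrive") are made up for illustration; the caveat it encodes is that only a write to a Run key counts as persistence, since reads of that key are routine.

```python
"""Classify sandbox registry events into the report's registry signatures.

Added example. The events below are constructed to resemble a sandbox
registry monitor's (operation, key, value_name) records; they are not
taken from the analysed sample.
"""
import re

# Normalise long hive names so HKEY_CURRENT_USER and HKCU hit the same rule.
HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
}

READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
WRITE_OPS = {"RegSetValue", "RegCreateKey"}

# (signature name, operations that count, key pattern)
RULES = [
    # Locale / country code: HKCU\Control Panel\International[\Geo]
    ("Checks computer location settings", READ_OPS,
     re.compile(r"^(HKCU|HKU\\[^\\]+)\\Control Panel\\International(\\Geo)?$", re.I)),
    # Installed software: any Uninstall key, including the WOW6432Node and HKCU variants
    ("Checks installed software on the system", READ_OPS,
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    # Persistence: a WRITE to Run or RunOnce. Reads of these keys are common and ignored.
    ("Adds Run key to start application", WRITE_OPS,
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)),
]


def normalise_key(key: str) -> str:
    """Rewrite the hive prefix to its short form; leave the rest untouched."""
    hive, sep, rest = key.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest


def classify_event(operation: str, key: str, value_name: str):
    """Return the matching signature name, or None if the event is unremarkable."""
    key = normalise_key(key)
    for name, ops, pattern in RULES:
        if operation in ops and pattern.search(key):
            return name
    return None


def summarise(events):
    """Group matching events by signature: {signature: [(op, key, value), ...]}."""
    hits = {}
    for op, key, value_name in events:
        sig = classify_event(op, key, value_name)
        if sig:
            hits.setdefault(sig, []).append((op, normalise_key(key), value_name))
    return hits


# Constructed sample trace (not real data). The GUID and value names are placeholders.
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International", "sCountry"),
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo", "Nation"),
    ("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", ""),
    ("RegQueryValue",
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
     r"\{00000000-0000-0000-0000-000000000001}", "DisplayName"),
    # A read of the Run key: benign, must not be reported as persistence.
    ("RegQueryValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
    # A write to the Run key: this is the persistence signature.
    ("RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    # Unrelated OS version lookup: should not match any rule.
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
]

if __name__ == "__main__":
    for sig, matched in summarise(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(matched)} event(s)")
        for op, key, value in matched:
            print(f"    {op:14} {key}  [{value}]")
```

Run as a script it lists two location-check events, two installed-software events and a single Run-key write; the Run-key read and the ProductName lookup fall through unclassified. When adapting it to real sandbox output, keep the write-only condition on the Run rule, otherwise every process that enumerates its own startup entries trips the persistence signature.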