General

  • Target

    4aa09fa0529beb0d2096a1aa86cf4111cfff56b479a4048e8dcd13b937c7c0c7N

  • Size

    3.2MB

  • Sample

    241012-xj8krswcje

  • MD5

    0ac08d19b395d553f50168235f7c7ed0

  • SHA1

    1a9b02b39fe52066db32e233b541f2b0db68cb23

  • SHA256

    4aa09fa0529beb0d2096a1aa86cf4111cfff56b479a4048e8dcd13b937c7c0c7

  • SHA512

    9a65bad63e1da4a8d6c2567eb71733b318cb68f0eebbe6a1ef3eb0cbbea50b63a1649a80d6e5253de17964a3e3a7150dca5faef01c171bd95aacb5f4a26b7d9a

  • SSDEEP

    98304:R57Up17aZGruoEinbe6xKpCxlronCUsvm:DweWuoDDKgxpoU

Targets

    • Target

      4aa09fa0529beb0d2096a1aa86cf4111cfff56b479a4048e8dcd13b937c7c0c7N

    • Ardamax

      A keylogger first seen in 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
