Overview

overview

10

Static

static

3

9bacf2080d...cN.exe

windows7-x64

10

9bacf2080d...cN.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9bacf2080d71c340c34b0865b33795925da1d52f96786160cd56e64e5503ab6cN

  • Size

    652KB

  • Sample

    241014-rjsawstbml

  • MD5

    2abbe2435b80358655c93cb5a388b790

  • SHA1

    5002eca05b476d2e38f75a6ae19e88e4cc11c7d8

  • SHA256

    9bacf2080d71c340c34b0865b33795925da1d52f96786160cd56e64e5503ab6c

  • SHA512

    f7aadb2aa71eaf7a63501131a54db264ab8f7d87cfd98a6e04ecd21a26cb7189f134b297a9b02da27f8cff9fa205c1d7d774f6317f7df7cb8947404c31340d4e

  • SSDEEP

    12288:cyKlsEr9jVYSBPcZFwcomlgz4cJdiXG5akRXYcFTI5vjCXK4COYO93W:cfjVYSheomqz/5PRIcFTyvtfO8

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      9bacf2080d71c340c34b0865b33795925da1d52f96786160cd56e64e5503ab6cN

    • Size

      652KB

    • MD5

      2abbe2435b80358655c93cb5a388b790

    • SHA1

      5002eca05b476d2e38f75a6ae19e88e4cc11c7d8

    • SHA256

      9bacf2080d71c340c34b0865b33795925da1d52f96786160cd56e64e5503ab6c

    • SHA512

      f7aadb2aa71eaf7a63501131a54db264ab8f7d87cfd98a6e04ecd21a26cb7189f134b297a9b02da27f8cff9fa205c1d7d774f6317f7df7cb8947404c31340d4e

    • SSDEEP

      12288:cyKlsEr9jVYSBPcZFwcomlgz4cJdiXG5akRXYcFTI5vjCXK4COYO93W:cfjVYSheomqz/5PRIcFTyvtfO8

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks