General

  • Target

    e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN

  • Size

    495KB

  • Sample

    241106-geh7bavgnd

  • MD5

    8d23e7d47190917e820326203061c5e0

  • SHA1

    1484b4870989fdad792d844c30d0d6ff6128fb44

  • SHA256

    e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117c

  • SHA512

    94f0b5a63c4ad403267a453dfbaa5dc59b4d964cda6198a13ffa7d87a199be97bcbaffa77264b26f1215a5804ac01df4b8c145006c97ab54a88764cc7c19f83f

  • SSDEEP

    12288:cR6A4juzSMo0hQhSHgS+/fe3h4NaNgXZLw8YfhrIm4zYm+YSPW9maM:o6A4juzSMxhL1+Kh4ggXZLdmYzcWrM

Malware Config

Targets

    • Target

      e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN

    • Size

      495KB

    • MD5

      8d23e7d47190917e820326203061c5e0

    • SHA1

      1484b4870989fdad792d844c30d0d6ff6128fb44

    • SHA256

      e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117c

    • SHA512

      94f0b5a63c4ad403267a453dfbaa5dc59b4d964cda6198a13ffa7d87a199be97bcbaffa77264b26f1215a5804ac01df4b8c145006c97ab54a88764cc7c19f83f

    • SSDEEP

      12288:cR6A4juzSMo0hQhSHgS+/fe3h4NaNgXZLw8YfhrIm4zYm+YSPW9maM:o6A4juzSMxhL1+Kh4ggXZLdmYzcWrM

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running or not running depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
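The behaviour tags above are the kind of thing a sandbox derives from a registry and file event trace. As an added example, not part of the Triage report and not code from the sample or its author, the script below maps such a trace to these tags and flags the strongest combination: a Run key whose value points at a file the sample itself wrote. The registry paths it keys on, the line format of the trace, the three ATT&CK IDs and the constructed file names (`svc_x\dropped.exe`, `dropped.dll`) are the editor's assumptions, not observations from this sample.

```python
"""Classify sandbox-style registry/file events into the behaviour tags used
in this report.  Added example; not Triage's code and not the sample's.
The key paths below are the editor's assumptions about what each tag keys
on (well-known Windows locations); the report only lists the tag names."""
import re

GEO_KEY = r"hkey_current_user\control panel\international\geo"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
RUN_KEY = r"software\microsoft\windows\currentversion\run"   # also matches RunOnce
SYSTEM32 = r"c:\windows\system32"

# Editor's ATT&CK mapping for three of the tags (not taken from the report).
ATTACK = {
    "Checks computer location settings": "T1614",
    "Checks installed software on the system": "T1518",
    "Adds Run key to start application": "T1547.001",
}

# One event per line: <operation> <path> [= <value>]   (assumed trace format)
EVENT_RE = re.compile(r"^(?P<op>\w+)\s+(?P<path>.+?)(?:\s+=\s+(?P<value>.+))?$")

# Constructed trace modelled on the behaviours listed above; the directory
# and file names are made up, not observed from the sample.
SAMPLE_EVENTS = r"""
RegOpenKey HKEY_CURRENT_USER\Control Panel\International\Geo
RegQueryValue HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
RegEnumKey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
FileWrite C:\Windows\System32\svc_x\dropped.exe
FileWrite C:\Windows\System32\svc_x\dropped.dll
RegSetValue HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc_x = "C:\Windows\System32\svc_x\dropped.exe"
ProcessCreate C:\Windows\System32\svc_x\dropped.exe
LoadImage C:\Windows\System32\svc_x\dropped.dll
""".strip().splitlines()


def parse_events(lines):
    """Return (op, path, value) tuples; value is None unless the line sets one."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["op"], m["path"], m["value"]))
    return events


def classify(events):
    """Return (tags hit, Run-key targets that point at a file the sample wrote).

    Paths are compared case-insensitively, as the registry and NTFS are."""
    tags, dropped, run_targets = set(), set(), []
    for op, path, value in events:
        p = path.lower()
        if op.startswith("Reg"):
            # Geo\Nation holds the configured country code: the geofence lookup.
            if p.startswith(GEO_KEY) and p.endswith(r"\nation"):
                tags.add("Checks computer location settings")
            elif UNINSTALL_KEY in p:
                tags.add("Checks installed software on the system")
            elif RUN_KEY in p and op == "RegSetValue" and value:
                tags.add("Adds Run key to start application")
                run_targets.append(value.strip('"'))
        elif op == "FileWrite":
            dropped.add(p)
            if p.startswith(SYSTEM32 + "\\"):
                tags.add("Drops file in System32 directory")
        elif op == "ProcessCreate" and p in dropped and p.endswith(".exe"):
            tags.add("Executes dropped EXE")
        elif op == "LoadImage" and p in dropped and p.endswith(".dll"):
            tags.add("Loads dropped DLL")
    # Persistence that points at the sample's own drop is the clearest signal.
    persistent = [t for t in run_targets if t.lower() in dropped]
    return tags, persistent


if __name__ == "__main__":
    hits, persistent = classify(parse_events(SAMPLE_EVENTS))
    for tag in sorted(hits):
        print(f"{ATTACK.get(tag, '-'):10} {tag}")
    print("Run key points at dropped file:", persistent)
```

The same classifier can be pointed at a real Procmon or sandbox export once the lines are normalised to the `<op> <path> [= <value>]` shape; the value of the Run-key check is that it correlates two events (a file write and a registry set) rather than alerting on either alone.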

MITRE ATT&CK Enterprise v15

Tasks