General
Target: e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN
Size: 495KB
Sample: 241106-gge8favkev
MD5: 8d23e7d47190917e820326203061c5e0
SHA1: 1484b4870989fdad792d844c30d0d6ff6128fb44
SHA256: e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117c
SHA512: 94f0b5a63c4ad403267a453dfbaa5dc59b4d964cda6198a13ffa7d87a199be97bcbaffa77264b26f1215a5804ac01df4b8c145006c97ab54a88764cc7c19f83f
SSDEEP: 12288:cR6A4juzSMo0hQhSHgS+/fe3h4NaNgXZLw8YfhrIm4zYm+YSPW9maM:o6A4juzSMxhL1+Kh4ggXZLdmYzcWrM
Static task: static1
Behavioral task: behavioral1
  Sample: e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e40dbaaf3f83c5b93a42b2e0c1be7c086c649b71f5d652f90e9b92af334a117cN
Score: 10/10

Ardamax family

Ardamax main executable

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory