Overview

overview

10

Static

static

3

Install.exe

windows7-x64

10

Install.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Install.exe

  • Size

    2.2MB

  • Sample

    241122-pmta9awpep

  • MD5

    1382e4d171d911ad48f0c4ebe58ae29d

  • SHA1

    e15768445f428f578a2a304a3a3d675400cef2bb

  • SHA256

    6b1dd1c338fbbccd877e74e54713e8a5165251b90aff3e71995fe693f7f680fa

  • SHA512

    854d1dd1f23674264fa33e4c4a21a4457892c2d82885bc5d269ba77ffcde433ec75bbf9eef4df9d04b74634abf014291073b17e9352cc93bf9d1301c2097a30d

  • SSDEEP

    49152:F5669KWXjUCnBBDeWTjTcmzR2op3L7S24hyzWa:D669KWXICnBBKWT0mzR2opLL8SW

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      Install.exe

    • Size

      2.2MB

    • MD5

      1382e4d171d911ad48f0c4ebe58ae29d

    • SHA1

      e15768445f428f578a2a304a3a3d675400cef2bb

    • SHA256

      6b1dd1c338fbbccd877e74e54713e8a5165251b90aff3e71995fe693f7f680fa

    • SHA512

      854d1dd1f23674264fa33e4c4a21a4457892c2d82885bc5d269ba77ffcde433ec75bbf9eef4df9d04b74634abf014291073b17e9352cc93bf9d1301c2097a30d

    • SSDEEP

      49152:F5669KWXjUCnBBDeWTjTcmzR2op3L7S24hyzWa:D669KWXICnBBKWT0mzR2opLL8SW

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks