ardamax | c0f7c3f593d8b31e0c6fac845ae5829c13e170c22bda05b1863dc6b7bb8801ba | Triage

Submit
Reports

Overview

overview

Static

static

6

Obekräfta...49.zip

windows11-21h2-x64

Sharing

General

Target

Obekräftade 231649.crdownload
Size

277.7MB
Sample

241204-ly19fsxler
MD5

6319a740e05748ddf05a7a122fc42e66
SHA1

680db1ddc43500a991f4ef32563c275a69bb8c57
SHA256

c0f7c3f593d8b31e0c6fac845ae5829c13e170c22bda05b1863dc6b7bb8801ba
SHA512

03c5f14aa35b60ba8b82a0c8987d2ca773ad1064fab7b800160b2a72aa6a9b78674fbe29a97f7dc063d6b76c09c2a43e08ca2dd31a6dd947ed6d0592fa83be33
SSDEEP

6291456:7G5AfA8/dSjOnRcHFjajD9eEHJ1P0CmqDJLEzCRn/OZ5ed:7Pd/PRcH1g9eEYPwloCRn/OZ5ed

Score

10^/10

ardamax agilenet defense_evasion discovery evasion keylogger phishing stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Obekräftade 231649.zip

Resource

win11-20241023-en

ardamax agilenet defense_evasion discovery evasion keylogger phishing stealer trojan upx

windows11-21h2-x64

33 signatures

300 seconds

Malware Config

Targets

- Target
  
  Obekräftade 231649.crdownload
- Size
  
  277.7MB
- MD5
  
  6319a740e05748ddf05a7a122fc42e66
- SHA1
  
  680db1ddc43500a991f4ef32563c275a69bb8c57
- SHA256
  
  c0f7c3f593d8b31e0c6fac845ae5829c13e170c22bda05b1863dc6b7bb8801ba
- SHA512
  
  03c5f14aa35b60ba8b82a0c8987d2ca773ad1064fab7b800160b2a72aa6a9b78674fbe29a97f7dc063d6b76c09c2a43e08ca2dd31a6dd947ed6d0592fa83be33
- SSDEEP
  
  6291456:7G5AfA8/dSjOnRcHFjajD9eEHJ1P0CmqDJLEzCRn/OZ5ed:7Pd/PRcH1g9eEYPwloCRn/OZ5ed
Score

10^/10

ardamax agilenet defense_evasion discovery evasion keylogger phishing stealer trojan upx
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxagilenetdefense_evasiondiscoveryevasionkeyloggerphishingstealertrojanupx

© 2018-2024

Terms | Privacy