ardamax | 53430ebab6b89325c5a407342a7f9f22d85850fdd30df80daf1ea68fc0a407fc | Triage

Sharing

General

Target

53430ebab6b89325c5a407342a7f9f22d85850fdd30df80daf1ea68fc0a407fcN.exe
Size

2.2MB
Sample

241217-z4sfdsyrfr
MD5

3368e5f66d6845cc96b2dca65f1e7780
SHA1

3da4fab790347189644fba012eee8dd8cd9882d5
SHA256

53430ebab6b89325c5a407342a7f9f22d85850fdd30df80daf1ea68fc0a407fc
SHA512

6fcd4ee3ad3ca01954c2b4f2c0ca99ed46c7b551bcc19c59e0634f49bcea2851d2e761d7084e4c3dd5485f9fc2a0a21835e87d1328888eb5831d201fd01d8fa5
SSDEEP

49152:u6Wy2byz0EQgrMAqOTbCErGgeVAzT+HC7dLZFWeX+:BWyq40ZoUOTybVmOC5hX

Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  53430ebab6b89325c5a407342a7f9f22d85850fdd30df80daf1ea68fc0a407fcN.exe
- Size
  
  2.2MB
- MD5
  
  3368e5f66d6845cc96b2dca65f1e7780
- SHA1
  
  3da4fab790347189644fba012eee8dd8cd9882d5
- SHA256
  
  53430ebab6b89325c5a407342a7f9f22d85850fdd30df80daf1ea68fc0a407fc
- SHA512
  
  6fcd4ee3ad3ca01954c2b4f2c0ca99ed46c7b551bcc19c59e0634f49bcea2851d2e761d7084e4c3dd5485f9fc2a0a21835e87d1328888eb5831d201fd01d8fa5
- SSDEEP
  
  49152:u6Wy2byz0EQgrMAqOTbCErGgeVAzT+HC7dLZFWeX+:BWyq40ZoUOTybVmOC5hX
Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer