ardamax | 7924a11f764e1c25543361654f782770761869291e04a04f1fb31e15cdf0ef7b | Triage

Sharing

General

Target

7924a11f764e1c25543361654f782770761869291e04a04f1fb31e15cdf0ef7b.exe
Size

2.2MB
Sample

241218-pv5dgsyrax
MD5

633c463311eb4a590d90529c539176e8
SHA1

535dc27cb5a63a308875510348ffc32f21ac5512
SHA256

7924a11f764e1c25543361654f782770761869291e04a04f1fb31e15cdf0ef7b
SHA512

de5c181ae9ea388306c24e998699ae5b764f1fbcf01f7d46137e8599835cc3905c26366f9775c61d64b6a2f73fa7c1e8db875e8f0dd2555430cd7bf04d02a68d
SSDEEP

49152:u6Wy2byz0EQgrMAqOTbCErGgeVAzT+HC7dLZFWeX++:BWyq40ZoUOTybVmOC5hXt

Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  7924a11f764e1c25543361654f782770761869291e04a04f1fb31e15cdf0ef7b.exe
- Size
  
  2.2MB
- MD5
  
  633c463311eb4a590d90529c539176e8
- SHA1
  
  535dc27cb5a63a308875510348ffc32f21ac5512
- SHA256
  
  7924a11f764e1c25543361654f782770761869291e04a04f1fb31e15cdf0ef7b
- SHA512
  
  de5c181ae9ea388306c24e998699ae5b764f1fbcf01f7d46137e8599835cc3905c26366f9775c61d64b6a2f73fa7c1e8db875e8f0dd2555430cd7bf04d02a68d
- SSDEEP
  
  49152:u6Wy2byz0EQgrMAqOTbCErGgeVAzT+HC7dLZFWeX++:BWyq40ZoUOTybVmOC5hXt
Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer