General

  • Target

    2025-06-02_7f90a78b25dc0fe590eab8485f42f9e3_elex_rhadamanthys_stop

  • Size

    1.1MB

  • Sample

    250602-qhbq3s1vhv

  • MD5

    7f90a78b25dc0fe590eab8485f42f9e3

  • SHA1

    44487b60709e1f412af3e6f01ed8e9c55a93dc19

  • SHA256

    f82f7a85871ead5be437f8a3fb321012f3ed0410db0b445d01296411e4bbd518

  • SHA512

    05d986e43c988e26f289ee068483688a6520098c648556d9d19484db4038369d27a63300d5fe7a14d6b85a31bfcf2d8c1efdcc907cd23ce574401b4d1b8b871b

  • SSDEEP

    24576:fZxTxmoZJT4jKWKX081cHglyp9YLXoGxZzJq9gD1X:fXTxNSZ81+gGWDTZzl1

Targets

    • Target

      2025-06-02_7f90a78b25dc0fe590eab8485f42f9e3_elex_rhadamanthys_stop

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key to list the software installed on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by their intrusion activity to hinder forensic recovery (ATT&CK T1070.004).

    • Drops file in System32 directory
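
The signature names above are the sandbox's summary of raw behaviour. The script below is an added example, not the sandbox's own signature engine, showing how an analyst could reproduce that mapping from an API trace. The trace is constructed to mirror the listed behaviours; its line format (pid, API name, argument), the treatment of CreateFileW as a file write, and the registry paths used for the Run, Uninstall and country-code checks are assumptions, since the report does not publish the exact calls or keys the sample touched. The two Ardamax family hits are static detections and are not derivable from a trace.

```python
"""Map a raw API trace onto the behavioural signatures this report lists.

Added example, not the sandbox's own signature engine.  The trace format
("<pid> <API> <argument>" per line), treating CreateFileW as a file write,
and the registry paths used for the Run, Uninstall and country-code checks
are assumptions: the report does not publish the exact calls or keys.
"""
import re

# CONSTRUCTED trace shaped after the behaviours in the report (placeholder names).
SAMPLE_TRACE = r"""
1234 CreateFileW C:\Windows\System32\dropped.dll
1234 CreateFileW C:\Windows\System32\dropped.exe
1234 LoadLibraryW C:\Windows\System32\dropped.dll
1234 CreateProcessW C:\Windows\System32\dropped.exe
1234 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
1234 RegEnumKeyExW HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
1234 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
1234 DeleteFileW C:\Users\user\Downloads\stage1.exe
"""

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
UNINSTALL_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\uninstall", re.I)
# Assumed locations of the configured country: GEOID under Geo\Nation, the
# legacy iCountry value, or the system locale under Control\Nls.
COUNTRY_CODE = re.compile(
    r"\\control panel\\international\\(geo\\nation|icountry)$|\\control\\nls\\", re.I)

# Simplification: a real trace would also check the access/disposition flags.
FILE_WRITE_APIS = {"CreateFileW", "CreateFileA", "CopyFileW", "MoveFileExW"}


def parse_trace(text):
    """Yield (pid, api, argument) from the trace; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2]


def match_signatures(trace):
    """Return the sorted report signature names triggered by the trace."""
    hits = set()
    dropped = set()  # paths the traced process wrote, lower-cased for matching
    for _pid, api, arg in trace:
        key = arg.lower()
        if api in FILE_WRITE_APIS:
            dropped.add(key)
            if SYSTEM32.match(arg):
                hits.add("Drops file in System32 directory")
        elif api.startswith("CreateProcess") and key in dropped:
            hits.add("Executes dropped EXE")
        elif api.startswith("LoadLibrary") and key in dropped:
            hits.add("Loads dropped DLL")
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(arg):
            hits.add("Adds Run key to start application")
        elif api.startswith(("RegEnumKey", "RegOpenKey", "RegQueryValue")) and UNINSTALL_KEY.search(arg):
            hits.add("Checks installed software on the system")
        elif api.startswith(("RegQueryValue", "RegGetValue")) and COUNTRY_CODE.search(arg):
            hits.add("Checks computer location settings")
        elif api.startswith("DeleteFile"):
            hits.add("Indicator Removal: File Deletion")
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(parse_trace(SAMPLE_TRACE)):
        print(name)
```

Run against the constructed trace it reports the seven behavioural signatures listed for this target; the "dropped" set is what ties "Executes dropped EXE" and "Loads dropped DLL" back to the sample's own writes rather than to any process start or library load.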

MITRE ATT&CK Enterprise v16
