ardamax | 98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9 | Triage

Submit
Reports

Overview

overview

Static

static

98c1dc5bdf...c9.exe

windows7-x64

98c1dc5bdf...c9.exe

windows10-2004-x64

Sharing

General

Target

98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9
Size

525KB
Sample

220919-yyv4naffd5
MD5

c4af9473a3792d6c759223ae88cd111e
SHA1

d74f2bd9db7bb7b0d7afe64fe473bcbef73d3481
SHA256

98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9
SHA512

00ff6baeffd478596264bbc6ac7de7ba03604cb5bace461522f230c96da9962f98895c0ac9047aae30b90ff48b4c6d7b696795a8b38663a6f6ff245fe158fbec
SSDEEP

12288:4LlgtecvR7k9TQGWENrAv/EAm3bYI+ElcEwRsFa4T8WIYQHI:ClgtpvlS7E438pWcJ54T/n

Score

10^/10

ardamax keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9.exe

Resource

win7-20220812-en

ardamax keylogger persistence stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9.exe

Resource

win10v2004-20220812-en

ardamax keylogger persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9
- Size
  
  525KB
- MD5
  
  c4af9473a3792d6c759223ae88cd111e
- SHA1
  
  d74f2bd9db7bb7b0d7afe64fe473bcbef73d3481
- SHA256
  
  98c1dc5bdf34fe6d0ef589481306650049e2afa75b1cfb62ebd549b61806cfc9
- SHA512
  
  00ff6baeffd478596264bbc6ac7de7ba03604cb5bace461522f230c96da9962f98895c0ac9047aae30b90ff48b4c6d7b696795a8b38663a6f6ff245fe158fbec
- SSDEEP
  
  12288:4LlgtecvR7k9TQGWENrAv/EAm3bYI+ElcEwRsFa4T8WIYQHI:ClgtpvlS7E438pWcJ54T/n
Score

10^/10

ardamax keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxkeyloggerpersistencestealer

behavioral2

ardamaxkeyloggerpersistencestealer

© 2018-2025

Terms | Privacy