ardamax | a7d0ad00cf674af014f654e9c10452a1fa7a2673beebf9c4a50d700c64912ae1 | Triage

Sharing

General

Target

a7d0ad00cf674af014f654e9c10452a1fa7a2673beebf9c4a50d700c64912ae1
Size

2.0MB
Sample

221125-rcre1scf83
MD5

69adfc0b2b9af7ebd3f687cd6e01216f
SHA1

2a6a6d8301ac7e02f7036098b06796609894fdc2
SHA256

a7d0ad00cf674af014f654e9c10452a1fa7a2673beebf9c4a50d700c64912ae1
SHA512

7df1d6b790627f1feb8913abb27b45154e266cbbe18b53d5a380f6cd1687c41e26f3c0b506eff93226af14f53808534335d816e248ffa63c1115481329e1bcbf
SSDEEP

49152:JkR2Q4SuHEuRwT0RU2ILRU9JnOsmU+yWRw:RSqa69JnOsmU+bR

Score

10^/10

ardamax keylogger persistence stealer

Malware Config

Targets

- Target
  
  a7d0ad00cf674af014f654e9c10452a1fa7a2673beebf9c4a50d700c64912ae1
- Size
  
  2.0MB
- MD5
  
  69adfc0b2b9af7ebd3f687cd6e01216f
- SHA1
  
  2a6a6d8301ac7e02f7036098b06796609894fdc2
- SHA256
  
  a7d0ad00cf674af014f654e9c10452a1fa7a2673beebf9c4a50d700c64912ae1
- SHA512
  
  7df1d6b790627f1feb8913abb27b45154e266cbbe18b53d5a380f6cd1687c41e26f3c0b506eff93226af14f53808534335d816e248ffa63c1115481329e1bcbf
- SSDEEP
  
  49152:JkR2Q4SuHEuRwT0RU2ILRU9JnOsmU+yWRw:RSqa69JnOsmU+bR
Score

10^/10

ardamax keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ardamaxkeyloggerpersistencestealer

behavioral2

ardamaxkeyloggerpersistencestealer