ardamax | f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee | Triage

Submit
Reports

Overview

overview

Static

static

f11d3b05e4...ee.exe

windows7-x64

f11d3b05e4...ee.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee
Size

583KB
Sample

221206-23kp9sfd2s
MD5

2878514d5149a6d1de4a1dbfe64aef67
SHA1

3730a630e95d9b8a9edfe739ba28c3d11cb503ac
SHA256

f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee
SHA512

8cf2626dbaf0ca499c98aaa715ebe2143567c368679b6ca11b3490c57360d08d219d7e6ca8749613e7f0de31025822edddc4ab03199003e182b01c14a74003b7
SSDEEP

12288:xiRnJRn/oNM5zJWXOgPVjuO59S2qtD9v/KoJAGZcu4bZY:xi1J1/XVoOMjBzXAhfJ0tY

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee.exe

Resource

win7-20220812-en

ardamax keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee.exe

Resource

win10v2004-20220901-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee
- Size
  
  583KB
- MD5
  
  2878514d5149a6d1de4a1dbfe64aef67
- SHA1
  
  3730a630e95d9b8a9edfe739ba28c3d11cb503ac
- SHA256
  
  f11d3b05e4ccca1198ff793492eccdc3b5617caebdd3ab475385f8bf31106aee
- SHA512
  
  8cf2626dbaf0ca499c98aaa715ebe2143567c368679b6ca11b3490c57360d08d219d7e6ca8749613e7f0de31025822edddc4ab03199003e182b01c14a74003b7
- SSDEEP
  
  12288:xiRnJRn/oNM5zJWXOgPVjuO59S2qtD9v/KoJAGZcu4bZY:xi1J1/XVoOMjBzXAhfJ0tY
Score

10^/10

ardamax keylogger stealer discovery persistence
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxkeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy