ardamax | 02c9cc421b0bb69fde124f42cd838a207f3f2deee4d06ff71ee6c3342982d85b | Triage

Submit
Reports

Overview

overview

Static

static

3

3a083df30f...18.exe

windows7-x64

3a083df30f...18.exe

windows10-2004-x64

Sharing

General

Target

3a083df30fff546454a0d6ab2c665c69_JaffaCakes118
Size

149KB
Sample

240711-vrcf7aydpd
MD5

3a083df30fff546454a0d6ab2c665c69
SHA1

a46277d705c45a5395d8028f7ae816e432e9f26a
SHA256

02c9cc421b0bb69fde124f42cd838a207f3f2deee4d06ff71ee6c3342982d85b
SHA512

c01a0b980d071c7d97ca8490d8bc3277214fa3f209aee80cad8c7ff002973c5dab204c9a33c83afb9ad64a7e331dc86c9434a56b6284598c7352a918b3a777f0
SSDEEP

3072:TOyPfgXqSFiv7WIyPYO0N29TrxbUVfg4YpHg0hZcmBoycX/P5zZbimCSOMP0KC:bURFi6TQUTrxbsg4sHg0hZubX5zZ1C5Z

Score

10^/10

ardamax discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a083df30fff546454a0d6ab2c665c69_JaffaCakes118.exe

Resource

win7-20240704-en

ardamax discovery keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a083df30fff546454a0d6ab2c665c69_JaffaCakes118.exe

Resource

win10v2004-20240709-en

ardamax discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a083df30fff546454a0d6ab2c665c69_JaffaCakes118
- Size
  
  149KB
- MD5
  
  3a083df30fff546454a0d6ab2c665c69
- SHA1
  
  a46277d705c45a5395d8028f7ae816e432e9f26a
- SHA256
  
  02c9cc421b0bb69fde124f42cd838a207f3f2deee4d06ff71ee6c3342982d85b
- SHA512
  
  c01a0b980d071c7d97ca8490d8bc3277214fa3f209aee80cad8c7ff002973c5dab204c9a33c83afb9ad64a7e331dc86c9434a56b6284598c7352a918b3a777f0
- SSDEEP
  
  3072:TOyPfgXqSFiv7WIyPYO0N29TrxbUVfg4YpHg0hZcmBoycX/P5zZbimCSOMP0KC:bURFi6TQUTrxbsg4sHg0hZubX5zZ1C5Z
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy