ardamax | 5e5751ab12a05b80925a7159c8e95ce78106fd9d87a1fdbe1c54203acf52f3f6 | Triage

Sharing

General

Target

439ddf6bd306f2c9b9b059cefae5191a_JaffaCakes118
Size

1.1MB
Sample

240713-2hnanascrf
MD5

439ddf6bd306f2c9b9b059cefae5191a
SHA1

d2acd93b0da5ca2539a30eb294b789d195cf54b3
SHA256

5e5751ab12a05b80925a7159c8e95ce78106fd9d87a1fdbe1c54203acf52f3f6
SHA512

02f7ea2ee6d19173745706634b14e628970818d3fdc71d94c8162645e23a83c88a6509e09cdd8162b396e02e4348e731e05fb08b12fea905860cf4e3f05b4114
SSDEEP

24576:wHvZTgeTSLuCulRS6aJ0Kk8ITXMiKc2quYfT4DkTNOK03RKgtrlML5QfOebfqgb:4BTdGqvU/eKk84car4kMbpmYbfq

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  439ddf6bd306f2c9b9b059cefae5191a_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  439ddf6bd306f2c9b9b059cefae5191a
- SHA1
  
  d2acd93b0da5ca2539a30eb294b789d195cf54b3
- SHA256
  
  5e5751ab12a05b80925a7159c8e95ce78106fd9d87a1fdbe1c54203acf52f3f6
- SHA512
  
  02f7ea2ee6d19173745706634b14e628970818d3fdc71d94c8162645e23a83c88a6509e09cdd8162b396e02e4348e731e05fb08b12fea905860cf4e3f05b4114
- SSDEEP
  
  24576:wHvZTgeTSLuCulRS6aJ0Kk8ITXMiKc2quYfT4DkTNOK03RKgtrlML5QfOebfqgb:4BTdGqvU/eKk84car4kMbpmYbfq
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer