ardamax | 311b5b90cbd638fd3b97bea804bca9de5e6c59c73a58331608cea75ae05248dd | Triage

Submit
Reports

Overview

overview

Static

static

7

4f13f9ec07...18.exe

windows7-x64

4f13f9ec07...18.exe

windows10-2004-x64

1

Sharing

General

Target

4f13f9ec07a65792e9dfdc32fd903feb_JaffaCakes118
Size

1.7MB
Sample

240716-tm1sjstbjd
MD5

4f13f9ec07a65792e9dfdc32fd903feb
SHA1

9b01b5d8e0e20f29f23ed5e4cb2597471ed44b68
SHA256

311b5b90cbd638fd3b97bea804bca9de5e6c59c73a58331608cea75ae05248dd
SHA512

999b4f96bb5fa6c38abd9cc700e55a10937ff764d81a5d2c7934ded0819c9cd0bd2b5c4192a3f60b60878c1a3c2548fb06a4f928dcc0c897ea31e769f77a8bda
SSDEEP

49152:z0Dv0aZ26Vqo8R4xdKBAG1mzFGFsEpm9zE4tCd:zSv0aZ2l48zmzesEmtw

Score

10^/10

ardamax discovery keylogger persistence stealer themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4f13f9ec07a65792e9dfdc32fd903feb_JaffaCakes118.exe

Resource

win7-20240708-en

ardamax discovery keylogger persistence stealer themida

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f13f9ec07a65792e9dfdc32fd903feb_JaffaCakes118.exe

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f13f9ec07a65792e9dfdc32fd903feb_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  4f13f9ec07a65792e9dfdc32fd903feb
- SHA1
  
  9b01b5d8e0e20f29f23ed5e4cb2597471ed44b68
- SHA256
  
  311b5b90cbd638fd3b97bea804bca9de5e6c59c73a58331608cea75ae05248dd
- SHA512
  
  999b4f96bb5fa6c38abd9cc700e55a10937ff764d81a5d2c7934ded0819c9cd0bd2b5c4192a3f60b60878c1a3c2548fb06a4f928dcc0c897ea31e769f77a8bda
- SSDEEP
  
  49152:z0Dv0aZ26Vqo8R4xdKBAG1mzFGFsEpm9zE4tCd:zSv0aZ2l48zmzesEmtw
Score

10^/10

ardamax discovery keylogger persistence stealer themida
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealerthemida

behavioral2

© 2018-2025

Terms | Privacy