ardamax | 381127acf31fef1d723bb1f5ae94047ea416c70c81a93d7b3d185909d1a21429 | Triage

Sharing

General

Target

7a52a77c9a4a1f73e91c03734e95c41f_JaffaCakes118
Size

3.3MB
Sample

240730-2l36aashpk
MD5

7a52a77c9a4a1f73e91c03734e95c41f
SHA1

919fab92e90ee5c9c3ebf1c3546e86cf29956301
SHA256

381127acf31fef1d723bb1f5ae94047ea416c70c81a93d7b3d185909d1a21429
SHA512

e2091ae0299e9406d857200eaf270b2386daab561ba8fb431272483759e867da531c4b2ce61ab614eed70305e4d30fd08bfd1f1dacb307bf4b33ee8faff02d75
SSDEEP

49152:EhN9qm8+sb2yWEKkCJDm6R3V+d+1PuckekYnUlGnOuX0cAwxXKeXf0La8tW7k8kK:cN88yWEK53L5uFZo9OuX0nCXKIf0m/7

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  7a52a77c9a4a1f73e91c03734e95c41f_JaffaCakes118
- Size
  
  3.3MB
- MD5
  
  7a52a77c9a4a1f73e91c03734e95c41f
- SHA1
  
  919fab92e90ee5c9c3ebf1c3546e86cf29956301
- SHA256
  
  381127acf31fef1d723bb1f5ae94047ea416c70c81a93d7b3d185909d1a21429
- SHA512
  
  e2091ae0299e9406d857200eaf270b2386daab561ba8fb431272483759e867da531c4b2ce61ab614eed70305e4d30fd08bfd1f1dacb307bf4b33ee8faff02d75
- SSDEEP
  
  49152:EhN9qm8+sb2yWEKkCJDm6R3V+d+1PuckekYnUlGnOuX0cAwxXKeXf0La8tW7k8kK:cN88yWEK53L5uFZo9OuX0nCXKIf0m/7
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer