ardamax | ddcc8495437d4129f23da5ab8e1c2e71c541c0129ff9bcbe9187ee702a78f07d | Triage

Sharing

General

Target

9ef3e496f6abd3058ee9f8ac16a8737b_JaffaCakes118
Size

1.3MB
Sample

240816-s2fkgssend
MD5

9ef3e496f6abd3058ee9f8ac16a8737b
SHA1

0810e81e32fd72175c82b2ae6f6ad00a9203384e
SHA256

ddcc8495437d4129f23da5ab8e1c2e71c541c0129ff9bcbe9187ee702a78f07d
SHA512

07dda4dd67bca7060cecfe7d148d82080b417ef102affebb3f6656db9a277d10c5911ad9028a0dc8c70c34c0d2b2ff15a3998622b60311d71c08f9aa5ef0880e
SSDEEP

12288:nOK6WOziUGmmSch+/DM8i7XiDHC5smqYxJkqDqYfzA0SFUj1SS5mzLhYJvFuMtMI:YZi7rr9NgIv8sUyj0W+Aff/1V

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  9ef3e496f6abd3058ee9f8ac16a8737b_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  9ef3e496f6abd3058ee9f8ac16a8737b
- SHA1
  
  0810e81e32fd72175c82b2ae6f6ad00a9203384e
- SHA256
  
  ddcc8495437d4129f23da5ab8e1c2e71c541c0129ff9bcbe9187ee702a78f07d
- SHA512
  
  07dda4dd67bca7060cecfe7d148d82080b417ef102affebb3f6656db9a277d10c5911ad9028a0dc8c70c34c0d2b2ff15a3998622b60311d71c08f9aa5ef0880e
- SSDEEP
  
  12288:nOK6WOziUGmmSch+/DM8i7XiDHC5smqYxJkqDqYfzA0SFUj1SS5mzLhYJvFuMtMI:YZi7rr9NgIv8sUyj0W+Aff/1V
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer