ardamax | b5a8858f8442769fb88fbb0edea3a1ca1e25eaae7812296808b2266c0fc32004 | Triage

Sharing

General

Target

9f1da670c3eef3094d77732d3c9ae384_JaffaCakes118
Size

952KB
Sample

240816-tyrc9avckd
MD5

9f1da670c3eef3094d77732d3c9ae384
SHA1

299c645715a304e4e888b5521bbab38bb20ff26e
SHA256

b5a8858f8442769fb88fbb0edea3a1ca1e25eaae7812296808b2266c0fc32004
SHA512

3c6984f8ab089e52ced1f4b8b3f0a6c146d520de16b1e9381e3686e32426a1730a8bbe28329d8ff5d4236330f9108de31a8e1c0f8c684f966a1b41445630b449
SSDEEP

24576:LuNOTc1kBALpIWexrleAguki1ZYtAd3dX87BLD5T:LucTc1DpIWEle7i12tcX87t

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  9f1da670c3eef3094d77732d3c9ae384_JaffaCakes118
- Size
  
  952KB
- MD5
  
  9f1da670c3eef3094d77732d3c9ae384
- SHA1
  
  299c645715a304e4e888b5521bbab38bb20ff26e
- SHA256
  
  b5a8858f8442769fb88fbb0edea3a1ca1e25eaae7812296808b2266c0fc32004
- SHA512
  
  3c6984f8ab089e52ced1f4b8b3f0a6c146d520de16b1e9381e3686e32426a1730a8bbe28329d8ff5d4236330f9108de31a8e1c0f8c684f966a1b41445630b449
- SSDEEP
  
  24576:LuNOTc1kBALpIWexrleAguki1ZYtAd3dX87BLD5T:LucTc1DpIWEle7i12tcX87t
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer