ardamax | 0c06eb473a2930ab33be5f89461bdc2b0f9488f23b440534d0371c5149e8746d | Triage

Submit
Reports

Overview

overview

Static

static

3

bde69fbf18...18.exe

windows7-x64

bde69fbf18...18.exe

windows10-2004-x64

Sharing

General

Target

bde69fbf18a454e9846c6486cba2e846_JaffaCakes118
Size

4.3MB
Sample

240824-e7d2ystbqb
MD5

bde69fbf18a454e9846c6486cba2e846
SHA1

7566fdf824763b23ad93ae3bf24e50765beeb7bd
SHA256

0c06eb473a2930ab33be5f89461bdc2b0f9488f23b440534d0371c5149e8746d
SHA512

5323d4ba1e79a0e996661045bf843b03ab3e0818b8b3abb1135099de97a7b8ea977e93999fbafd45c83c9bcd300df76caa10547004650689e33b1085f30b1d7f
SSDEEP

98304:B6aLOAGB/g4dQIrhcQX9rTxX+hL2jrCcB3mYuoPwVRgZr54JTddQmYa:Bu3lgr5sxdON0u6066Td2

Score

10^/10

ardamax discovery keylogger persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bde69fbf18a454e9846c6486cba2e846_JaffaCakes118.exe

Resource

win7-20240708-en

ardamax discovery keylogger persistence stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bde69fbf18a454e9846c6486cba2e846_JaffaCakes118.exe

Resource

win10v2004-20240802-en

ardamax discovery keylogger persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  bde69fbf18a454e9846c6486cba2e846_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  bde69fbf18a454e9846c6486cba2e846
- SHA1
  
  7566fdf824763b23ad93ae3bf24e50765beeb7bd
- SHA256
  
  0c06eb473a2930ab33be5f89461bdc2b0f9488f23b440534d0371c5149e8746d
- SHA512
  
  5323d4ba1e79a0e996661045bf843b03ab3e0818b8b3abb1135099de97a7b8ea977e93999fbafd45c83c9bcd300df76caa10547004650689e33b1085f30b1d7f
- SSDEEP
  
  98304:B6aLOAGB/g4dQIrhcQX9rTxX+hL2jrCcB3mYuoPwVRgZr54JTddQmYa:Bu3lgr5sxdON0u6066Td2
Score

10^/10

ardamax discovery keylogger persistence stealer upx
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealerupx

behavioral2

ardamaxdiscoverykeyloggerpersistencestealerupx

© 2018-2025

Terms | Privacy