ardamax | c6335d572dd612945e7632771ca39f39a6eb52d0cb0348cd44fc8f3c1710bbad | Triage

Sharing

General

Target

d4f340ec578b20d145e46f079e72eaaa_JaffaCakes118
Size

1.1MB
Sample

240908-wvbjqssejh
MD5

d4f340ec578b20d145e46f079e72eaaa
SHA1

5168d60837796e913cd3d4577ce5a80d6fd57c90
SHA256

c6335d572dd612945e7632771ca39f39a6eb52d0cb0348cd44fc8f3c1710bbad
SHA512

968a885421251afaca33d9520039b0f5d35d74ff04b6f0cfeb1a1071b69eda9a541f5db6bd7407c3ea67fd87113c27891e3a2955aa9a7eec8e82b7d9840aa0d1
SSDEEP

24576:OmAQkV/IEk9M8FVaKzvkXE1pm1cgHED9YMcsuDEE:7AQkNvVXE1psnHExYMcs1E

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  Installacijabre.exe
- Size
  
  1.1MB
- MD5
  
  f4dfb964bf2891ef0a4f757325a853d4
- SHA1
  
  8eb5496526e36f8785c7d05c975e35b422e9c0db
- SHA256
  
  db7d26cd5f1a0d872a7a29f93f5d52453f46e18c017fff115279ab3a17bb1e31
- SHA512
  
  b67c64a4bd4c643aa16f1584039f73ad7ee22f463baf9026ab98952f98448df2a71e41036e47fa2b182645e03e4ec6bfe32f94a12c4beb1ef1c13f71f3855610
- SSDEEP
  
  24576:2k/ATlOAQkx/6E0lcWLiw4vZzejEfRKMevdbYPT+DBY4csoa7Da:noTEAQk5I+z9devlYPT+dY4cso
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  program.bat
- Size
  
  2KB
- MD5
  
  2efe1c3f2ea3647b5b19155e438f2135
- SHA1
  
  aa04138114408bcbd5c58098250cd64dc992f826
- SHA256
  
  b3d9afcf018640b6f3960551760adf30d8cf57a92bdd9751f11d8c9864b0b389
- SHA512
  
  c3151ebf5144a9b7782e7188f40ab74350fe99fa71c776252508b1042e516fee32c773edcf070cd2e131b56f39b71af01277f9c8b3561d750818fa4bd90356b4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

behavioral3

behavioral4