ardamax | 69d02abd3ecf549e8e28cf1a7f0e92918d5515d3363edb0553226b6db766ff9b | Triage

Sharing

General

Target

d7745026d22546598df8bd54872e5594_JaffaCakes118
Size

592KB
Sample

240910-cnqkjasbpn
MD5

d7745026d22546598df8bd54872e5594
SHA1

1ccc35b82e8176382a4413cd42073ecff73745c3
SHA256

69d02abd3ecf549e8e28cf1a7f0e92918d5515d3363edb0553226b6db766ff9b
SHA512

bf4724eab04faa0f4109735d5763a23a77285e09050837a1743b43311d9fca94335647f94fa877838a5b81350c1741047ab0ad06eeabb9d80de3bff2c9f9a61b
SSDEEP

12288:qURUFJbpVqj8FiJ1f3Px4uNK7MsOfPrCnEq7fZbmV2cB1QHFSr2X:Wdqj8F+1f3PSuwMsOfzBq2fss2X

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  d7745026d22546598df8bd54872e5594_JaffaCakes118
- Size
  
  592KB
- MD5
  
  d7745026d22546598df8bd54872e5594
- SHA1
  
  1ccc35b82e8176382a4413cd42073ecff73745c3
- SHA256
  
  69d02abd3ecf549e8e28cf1a7f0e92918d5515d3363edb0553226b6db766ff9b
- SHA512
  
  bf4724eab04faa0f4109735d5763a23a77285e09050837a1743b43311d9fca94335647f94fa877838a5b81350c1741047ab0ad06eeabb9d80de3bff2c9f9a61b
- SSDEEP
  
  12288:qURUFJbpVqj8FiJ1f3Px4uNK7MsOfPrCnEq7fZbmV2cB1QHFSr2X:Wdqj8F+1f3PSuwMsOfzBq2fss2X
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer