ardamax | a676bd39c2939e13185063e83fbcdb02f52b11f3f6433a52b84638c456c0f3ac | Triage

Submit
Reports

Overview

overview

Static

static

3

f039ba0206...18.exe

windows7-x64

f039ba0206...18.exe

windows10-2004-x64

Sharing

General

Target

f039ba0206d99acf666c9523bc2f4f8b_JaffaCakes118
Size

334KB
Sample

240921-vbf5fashrj
MD5

f039ba0206d99acf666c9523bc2f4f8b
SHA1

a4008925fdc49ced659ee7112a3b8ef87a670f1a
SHA256

a676bd39c2939e13185063e83fbcdb02f52b11f3f6433a52b84638c456c0f3ac
SHA512

d717a429d32d0d7cdfe26aa38c8a348151140955c9c771e28896347ed264170423ff5cb3efab5319f671e1c1224832ae64e5fab06b2d986399a1ab02f25edcd4
SSDEEP

6144:nlW1wiBz/+cF69C9XYJLo7XL9788xGKvR47spQnxaA9yEQ2pD3:lQwIzmcY9C9omxY8xrvR473R9yEQ2N3

Score

10^/10

ardamax defense_evasion discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f039ba0206d99acf666c9523bc2f4f8b_JaffaCakes118.exe

Resource

win7-20240903-en

ardamax defense_evasion discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f039ba0206d99acf666c9523bc2f4f8b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

ardamax defense_evasion discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f039ba0206d99acf666c9523bc2f4f8b_JaffaCakes118
- Size
  
  334KB
- MD5
  
  f039ba0206d99acf666c9523bc2f4f8b
- SHA1
  
  a4008925fdc49ced659ee7112a3b8ef87a670f1a
- SHA256
  
  a676bd39c2939e13185063e83fbcdb02f52b11f3f6433a52b84638c456c0f3ac
- SHA512
  
  d717a429d32d0d7cdfe26aa38c8a348151140955c9c771e28896347ed264170423ff5cb3efab5319f671e1c1224832ae64e5fab06b2d986399a1ab02f25edcd4
- SSDEEP
  
  6144:nlW1wiBz/+cF69C9XYJLo7XL9788xGKvR47spQnxaA9yEQ2pD3:lQwIzmcY9C9omxY8xrvR473R9yEQ2N3
Score

10^/10

ardamax defense_evasion discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- System Binary Proxy Execution: Rundll32
  Abuse Rundll32 to proxy execution of malicious code.
  defense_evasion
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

System Binary Proxy Execution

Rundll32

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdefense_evasiondiscoverykeyloggerstealer

behavioral2

ardamaxdefense_evasiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy