ardamax | a6c9308ae859527f589b101de49a9b86c1ef4db2d3ef341474e6c4a1c9ad7fe6

Sharing

Copy URL

Twitter E-mail

General

Target

0041f5459b2c58650f838ce3e397bef7_JaffaCakes118
Size

375KB
Sample

240930-jr19rsyclf
MD5

0041f5459b2c58650f838ce3e397bef7
SHA1

0de02f5e5ab4c4dc379ad1494d2983dc9e023cb7
SHA256

a6c9308ae859527f589b101de49a9b86c1ef4db2d3ef341474e6c4a1c9ad7fe6
SHA512

eed0dfcd149b7eddcbc42731eacae4f4dfb71759d63d230b3941042e0dd97911d18456749068a3d6fda59fee4196dbf499c468ad8e512e627a47ebe400bb2356
SSDEEP

6144:cfD36i8SdaF4MSV7rDrU2Ype8V2WLkOdxrFj6cW+8q/Ql5qAQv+mR2A/6:c736iddq4M6//r8V2Okexx2cZSfrA/6

Score

10^/10

Malware Config

Targets

- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/AKV.exe
- Size
  
  388KB
- MD5
  
  b4c0c55a0686ef791abd2b05afee3d0b
- SHA1
  
  601824878d80551330226b77213561bd1c23d99d
- SHA256
  
  5b004e23bda3ced1069ab80e88745bd4de2fd023fae24b0135c276d669e6471d
- SHA512
  
  bf785746f23f0c36f6852bf7069bc0760b040e78a53d5229f1b2e781afc6c3e5012fb9e13f7f4e1bf614728915b0d50ea7e452f061ccd0541811d86d4efcca72
- SSDEEP
  
  6144:+0q4wPzwerB7q57bEux7/5Lx5v5EWK/GVSNFhH:84la7qYutZx5G
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/IWM.003
- Size
  
  4KB
- MD5
  
  2bbb6ffc878515a79478917c5af03a9c
- SHA1
  
  52532ea393f3a623c05b2cd72a205da41f152c29
- SHA256
  
  23c8cc69783ab663e036fb0d15c01b3863ff898d5534fa1d02f16c291863f3a5
- SHA512
  
  be8846674af43f20501e6fe59fbd369d7393e79970ab1a4fc7c516c491939f575c5e07a1cd284287e8663d1ca2f4e6663839a79f798a7453ecd30bb0fbdcc464
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/IWM.004
- Size
  
  14KB
- MD5
  
  3e226efcd41cb65746dc69668fc230c7
- SHA1
  
  a93e40bcd8a04e1ef9a24550f37618de29dd2ee6
- SHA256
  
  9dd8620e84e349c39029b9ff3d289cd09463896d3f8f59acaea56f6bcfba91f5
- SHA512
  
  d99f81c500cf04b7ef6d48a7d4f2b6080b7f4c6107253736a1c3b1f9e5ede745be28da25b4f8670a22b182c195dac372cf2dbb840b21a8dba05529acbf8dcbec
- SSDEEP
  
  384:GwTB3XaCh/MZ3dy/AdpNscMkXTWkEyWZ0TN99fOq:GeB3XaCh/xGpJ5NW6TNLfx
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/IWM.006
- Size
  
  7KB
- MD5
  
  a08026db7b86f2ba69f6317a4a66778b
- SHA1
  
  6afe5979a1ef3ee8b94b6ef4a6bf8a70d641bf62
- SHA256
  
  90c1300aaa05d24a32f9d01824c611742a10c2bb3e0450504b62282ab658e2f5
- SHA512
  
  059d6abdb37800f7673d116a0e9a4d2f3e8e7d955a402ef91ca97cf24f3c29121dc36c54599511ac0e04cd2b1467e30fb7b2563e42e2fe43e71560816902207e
- SSDEEP
  
  192:H6h3mYkZiIX1gY1chCCRZ8cRyD6pxSydx:avNYiY1qa6pjdx
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/IWM.chm
- Size
  
  33KB
- MD5
  
  67fd8e4e2a9fa895a52e557123dfddd9
- SHA1
  
  f47cd5ac70a620654af79911e85e5aa158ffbf41
- SHA256
  
  6a8c2a8901326b3106ad806393a45b5e1fd6616c133ac503457b4a44a4bf82fa
- SHA512
  
  764f01b5385bebfd666d62e10895bda8479eddfce264a63ef85322ad069877947356c3d2de6518f7ff00db96fb1b38273432ab04bd59b37fb89cbe25e9fd77f1
- SSDEEP
  
  768:n3fscCfTSjb0O+TJPHjnKFZi4LHnX1OgG8p4/HWkWplk:n3fscCfTcg1eXJjw8pKnUk
Score

1^/10
behavioral10 behavioral9
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/IWM.exe
- Size
  
  473KB
- MD5
  
  317ae4693a2fa0e04be034845d19c8a6
- SHA1
  
  ea3a3b0b277c70b7120b66ceabcb0185170094e3
- SHA256
  
  c47d38b6b43a91a960a4cb793430b7eb397f3ea31f81f67ad05a66bea421e502
- SHA512
  
  763a2bdc2b94a8207cf441fee407b2c7895d4b25b71725c50e0b9e0815cd2c44b75c1cd68b6d94a9e2e9057d57554b262152a648a6253e4595eba62ae5cab3d6
- SSDEEP
  
  6144:KW6/r7TNvlFVbv4uiB8Wq0997DP/qV+NX2d6A:I/rvvFV/88WFCR
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/qs.html
- Size
  
  1KB
- MD5
  
  40d00fa24b9cc44fbf2d724842808473
- SHA1
  
  c0852aa2fb916c051652a8b2142ffb9d8c7ac87a
- SHA256
  
  35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035
- SHA512
  
  9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/必看说明.htm
- Size
  
  6KB
- MD5
  
  3a3dd6a8121fbb4e4f1181e3b73bf01b
- SHA1
  
  6faccc6dcb27fbde623b91d877f4732127dcf8be
- SHA256
  
  05e6f40288872e4adf72a685297d6462c832401c945bf63b7e244a281b967f01
- SHA512
  
  3e0f55dca36b4684a6853bc8c59e6bf2b4a2e699ef76620c4197bb6b39fd0fe732de7d83d3efba0e64d0269ef7a1f2bc69c571355b6f9784e65db81cc3025eeb
- SSDEEP
  
  96:eygWlXZktTuDndkYWuokAbVXHISaQN1exgemaQNA5FaQ/APUgJX/kh8rW3H6aQNf:ebiXFDzeXdxfx2Fxh8rW3H6x9xQWn
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/河源下载站.url
- Size
  
  110B
- MD5
  
  87d5540eb47b60f225cc6d5e9ec5d3b5
- SHA1
  
  bb87c8cd2721eed95ed96cfed3c23a71dd636743
- SHA256
  
  7503e8e9530726e8934149fb2afc1a9638d8a4727cc05c6bed1c1b1539dc43fa
- SHA512
  
  ed81acc65c042f99ed20b511a755606e13619ddbd7e05125ecbcf5342ac9239329184d8b1b45d47ee4fc0ef4c62e06b2bd806b73f0f5c852173798e76d23a951
Score

1^/10
behavioral17 behavioral18
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/用firefox浏览器上网更安全.URL
- Size
  
  334B
- MD5
  
  2f82495bbecfb4ac9ae75a17fd666bca
- SHA1
  
  2fb870b6f9a822627a970b589f2f7f1e0fe20fd1
- SHA256
  
  85e1cb8227a993c29f4add5fa8c6db6e8c52f1fcf0dddc2c8d943a8ca5fbc542
- SHA512
  
  8b7476093e4e799beae92829dbff62c19eb55beff5c2cea7ebe6b99c6b98114e00113b8c026f7540f29f5186c97089781ba2d9cf8315de53463f73b304313126
Score

1^/10
behavioral19 behavioral20
- Target
  
  ArdamaxKeylogger/ArdamaxKeylogger/Ardamax Keylogger/金山毒霸2007 无限升级版.url
- Size
  
  398B
- MD5
  
  fe8e1d149555fcc1210f321e01af3d25
- SHA1
  
  be5fb61cf73aea32c0bccb455d4c9bad37df4a64
- SHA256
  
  d1d466c78f3bb766fa5fe41b9118342f18895250dcae119cc782a86252802a39
- SHA512
  
  b05ab97921509b66bf41ffe97a7035f84d069ccf6add80433eee67eb61b8e25958098d61bb7f3e56659108efd904a406ab29d0a73b3ec89ff305f0967ef80ad4
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22