ardamax | df129d8b76de4b3dbe513bcb000ee5f6f7f3f9060cf1d961fe02464ca69ad5f9 | Triage

Submit
Reports

Overview

overview

Static

static

3

2053d0839a...18.exe

windows7-x64

2053d0839a...18.exe

windows10-2004-x64

Sharing

General

Target

2053d0839a99f4d59b9bbc7c30cefbf7_JaffaCakes118
Size

505KB
Sample

241008-jbvgaawakn
MD5

2053d0839a99f4d59b9bbc7c30cefbf7
SHA1

75679b05d747d20e5ec9fe11bed88a31cc6a1e8d
SHA256

df129d8b76de4b3dbe513bcb000ee5f6f7f3f9060cf1d961fe02464ca69ad5f9
SHA512

e2198e7c2204e3b3b58090f9d312f715f02ee98e45f3e9c40f0fe5c516513d63bba76ca7ffab84dbf64448347ed66767404a963b563a984d689e5014db8b2360
SSDEEP

12288:cwcxSG6fGmY76OmDJLUv1JnuaTKJhu9mj9ffcZ:7mSG6fbg6Om9LOnuaTNzZ

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2053d0839a99f4d59b9bbc7c30cefbf7_JaffaCakes118.exe

Resource

win7-20240704-en

ardamax discovery keylogger persistence stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2053d0839a99f4d59b9bbc7c30cefbf7_JaffaCakes118.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2053d0839a99f4d59b9bbc7c30cefbf7_JaffaCakes118
- Size
  
  505KB
- MD5
  
  2053d0839a99f4d59b9bbc7c30cefbf7
- SHA1
  
  75679b05d747d20e5ec9fe11bed88a31cc6a1e8d
- SHA256
  
  df129d8b76de4b3dbe513bcb000ee5f6f7f3f9060cf1d961fe02464ca69ad5f9
- SHA512
  
  e2198e7c2204e3b3b58090f9d312f715f02ee98e45f3e9c40f0fe5c516513d63bba76ca7ffab84dbf64448347ed66767404a963b563a984d689e5014db8b2360
- SSDEEP
  
  12288:cwcxSG6fGmY76OmDJLUv1JnuaTKJhu9mj9ffcZ:7mSG6fbg6Om9LOnuaTNzZ
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy