ardamax | bb3a3d3b17b79f8ed7ccc6319419daca6b909311214fb3e64cebdd437b3b6d3f | Triage

Sharing

General

Target

2a95dbddf924fe3aa25beedf25e06b8f_JaffaCakes118
Size

334KB
Sample

241009-eqwknsvdkq
MD5

2a95dbddf924fe3aa25beedf25e06b8f
SHA1

a327c401ac7d75ce3e9e589ce56b9d1758a9be8e
SHA256

bb3a3d3b17b79f8ed7ccc6319419daca6b909311214fb3e64cebdd437b3b6d3f
SHA512

2ce2ddee6bcf72cac50154f5893b1fa03d08bf82cd173f74e0a2ad26ef19e5d41f3ea51a5027ac8f0decf7241dfb2b63ad76faccfb12c923ffc93b3c0c0a589d
SSDEEP

6144:jov6KU9sVcPWy6ijms/PLCdwHhUA6h4aAhVsoM8KsQJGjnxjRkK6/x0N30pB1BJl:0P3hnJOxjx6/x0N3aB1rsE4i1hBBB+kH

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  2a95dbddf924fe3aa25beedf25e06b8f_JaffaCakes118
- Size
  
  334KB
- MD5
  
  2a95dbddf924fe3aa25beedf25e06b8f
- SHA1
  
  a327c401ac7d75ce3e9e589ce56b9d1758a9be8e
- SHA256
  
  bb3a3d3b17b79f8ed7ccc6319419daca6b909311214fb3e64cebdd437b3b6d3f
- SHA512
  
  2ce2ddee6bcf72cac50154f5893b1fa03d08bf82cd173f74e0a2ad26ef19e5d41f3ea51a5027ac8f0decf7241dfb2b63ad76faccfb12c923ffc93b3c0c0a589d
- SSDEEP
  
  6144:jov6KU9sVcPWy6ijms/PLCdwHhUA6h4aAhVsoM8KsQJGjnxjRkK6/x0N30pB1BJl:0P3hnJOxjx6/x0N3aB1rsE4i1hBBB+kH
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer