ardamax | df1f3e766f8e1ffc1ab013e57ad84b9e3ccd6574f248a59e4829eb84a48b5019 | Triage

Submit
Reports

Overview

overview

Static

static

3

2d7c46588e...18.exe

windows7-x64

2d7c46588e...18.exe

windows10-2004-x64

Sharing

General

Target

2d7c46588e711a0416b4159f367d0bef_JaffaCakes118
Size

307KB
Sample

241009-jm9ekszdme
MD5

2d7c46588e711a0416b4159f367d0bef
SHA1

c9a75f7f8fd3dcbf649c603a13c155b52eb106e8
SHA256

df1f3e766f8e1ffc1ab013e57ad84b9e3ccd6574f248a59e4829eb84a48b5019
SHA512

e464d90017004cf507875233cd09426c2289d08a3a798619843d32cfb3825d3d80c419e8c0012c3f8f7da58191470908a6cbdf135d1dee5562c04a77afe4132f
SSDEEP

6144:EtxSzc8/K6ommiuOsp2FNYslkoxyL7AIBZWwDfG3Ls7n+zL8xRq3BQlfYQaxU:kxSzU6ombEp5sXxgsIrfDfG3LCNRq6lJ

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d7c46588e711a0416b4159f367d0bef_JaffaCakes118.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d7c46588e711a0416b4159f367d0bef_JaffaCakes118.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d7c46588e711a0416b4159f367d0bef_JaffaCakes118
- Size
  
  307KB
- MD5
  
  2d7c46588e711a0416b4159f367d0bef
- SHA1
  
  c9a75f7f8fd3dcbf649c603a13c155b52eb106e8
- SHA256
  
  df1f3e766f8e1ffc1ab013e57ad84b9e3ccd6574f248a59e4829eb84a48b5019
- SHA512
  
  e464d90017004cf507875233cd09426c2289d08a3a798619843d32cfb3825d3d80c419e8c0012c3f8f7da58191470908a6cbdf135d1dee5562c04a77afe4132f
- SSDEEP
  
  6144:EtxSzc8/K6ommiuOsp2FNYslkoxyL7AIBZWwDfG3Ls7n+zL8xRq3BQlfYQaxU:kxSzU6ombEp5sXxgsIrfDfG3LCNRq6lJ
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy