Overview

overview

10

Static

static

7

Ardamax_Ke...ch.exe

windows7-x64

10

Ardamax_Ke...ch.exe

windows10-2004-x64

10

Ardamax_Ke...kl.exe

windows7-x64

7

Ardamax_Ke...kl.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

5

$PLUGINSDI...ol.dll

windows10-2004-x64

5

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

lzma.exe

windows7-x64

1

lzma.exe

windows10-2004-x64

3

使用帮助.url

windows7-x64

1

使用帮助.url

windows10-2004-x64

1

访问下�...��.url

windows7-x64

1

访问下�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    95s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ardamax_Keylogger/ardamax.keylogger.4.0.1-patch.exe

  • Size

    65KB

  • MD5

    983c399ee7666ed813e71de38bf93503

  • SHA1

    b03932d60a35ae9e34420688c747bb1179f67ecd

  • SHA256

    095ecd089ef17cab0c6194b3485994e99feeca15813258d1716c709b31911d0b

  • SHA512

    51b6157f159b7e5791953f5acd3de7abbc3b9ffea4c9a31c667fcf252b1821c789249a4934145ee25d8ef04a63e45de650f6ff3eb218251c880af83dfa6b0ac4

  • SSDEEP

    1536:3m1htAC0rCfr2jFeV7NNpYSmfYjSukons6m9eU:36AC8CyjAN/YSko2o

Score
10/10
ardamaxdiscoverykeyloggerstealer

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax main executable 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ardamax_Keylogger\ardamax.keylogger.4.0.1-patch.exe
    "C:\Users\Admin\AppData\Local\Temp\Ardamax_Keylogger\ardamax.keylogger.4.0.1-patch.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
    Filesize

    59KB

    MD5

    89696243ed0683e422a55c88a6ccf661

    SHA1

    b5346bc0c87b0318ca3f8e41164f1f0094f2d067

    SHA256

    30cba601820c765e353f1fb4024c68d9e816a4a6d6d72f136ade16b530a7d723

    SHA512

    c5ae72fe17387a0bf2d87682a387cb2f1ba7b513289169ab6c7b4a66be6aeb42d9ecdd54eb638b70ed27c17662f504b79a865f42d5ccaf98f7e8b2e04143014e

    Download Submit

  • memory/4184-2-0x00000000751C0000-0x00000000751E7000-memory.dmp

    Filesize

    156KB

    Download

  • memory/4184-5-0x00000000751C0000-0x00000000751E7000-memory.dmp

    Filesize

    156KB

    Download