ardamax | b70c63bc75411c9b3d7cb4babca8cd70a9d518549c60b2851aa603447ca5dfaf | Triage

Submit
Reports

Overview

overview

Static

static

3

68f88bc3ea...18.exe

windows7-x64

68f88bc3ea...18.exe

windows10-2004-x64

Sharing

General

Target

68f88bc3ea27c74d26d915cca8ebb0af_JaffaCakes118
Size

1.1MB
Sample

241022-feq2gsybkf
MD5

68f88bc3ea27c74d26d915cca8ebb0af
SHA1

5f856d7c74a8ee446458fb1dbaaaedd0d90161d5
SHA256

b70c63bc75411c9b3d7cb4babca8cd70a9d518549c60b2851aa603447ca5dfaf
SHA512

bfe2cf47842658ac64610c130dcc7483ea01abb94c8c7e26c0f5533dd61120656f87815bff9d1af34a03b9490e74df6e7f32547b4ff6505fbda8739a3dd742b3
SSDEEP

24576:3ZxTkEZrs914LVN4gbcqzOVPz4ztaJjuOcSwTBSIPufJbM0yiBiXPPVk:3XT7s914LIgbXOFz4zo1xKPufJwt2w3V

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

68f88bc3ea27c74d26d915cca8ebb0af_JaffaCakes118.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

68f88bc3ea27c74d26d915cca8ebb0af_JaffaCakes118.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  68f88bc3ea27c74d26d915cca8ebb0af_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  68f88bc3ea27c74d26d915cca8ebb0af
- SHA1
  
  5f856d7c74a8ee446458fb1dbaaaedd0d90161d5
- SHA256
  
  b70c63bc75411c9b3d7cb4babca8cd70a9d518549c60b2851aa603447ca5dfaf
- SHA512
  
  bfe2cf47842658ac64610c130dcc7483ea01abb94c8c7e26c0f5533dd61120656f87815bff9d1af34a03b9490e74df6e7f32547b4ff6505fbda8739a3dd742b3
- SSDEEP
  
  24576:3ZxTkEZrs914LVN4gbcqzOVPz4ztaJjuOcSwTBSIPufJbM0yiBiXPPVk:3XT7s914LIgbXOFz4zo1xKPufJwt2w3V
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy