ardamax | d2e763292ef4a13882824d3f509f8dd643ed9c9664f4ee08ebf5fb0885a9cece | Triage

Submit
Reports

Overview

overview

Static

static

3

6d35a9f9cd...18.exe

windows7-x64

6d35a9f9cd...18.exe

windows10-2004-x64

Sharing

General

Target

6d35a9f9cdea71d2603caad084fde335_JaffaCakes118
Size

256KB
Sample

241023-fms6tatfmp
MD5

6d35a9f9cdea71d2603caad084fde335
SHA1

ad36e19921b3e0b702578c2ce13dd59c0945e7e6
SHA256

d2e763292ef4a13882824d3f509f8dd643ed9c9664f4ee08ebf5fb0885a9cece
SHA512

558ff342f81f7929a7e380ddd5d0c7ee5423917578baa17d0b870c9e1b802afadd5c8c3195f27a1200920d366e1061f1b71f9178ecfcbb567cdd516ccf74b555
SSDEEP

6144:J9n5ssybeB1lbjN2t3/hd840jtkXMxoiRpWA9:JJ5/y8js590jFRIA9

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d35a9f9cdea71d2603caad084fde335_JaffaCakes118.exe

Resource

win7-20240903-en

ardamax discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

6d35a9f9cdea71d2603caad084fde335_JaffaCakes118.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  6d35a9f9cdea71d2603caad084fde335_JaffaCakes118
- Size
  
  256KB
- MD5
  
  6d35a9f9cdea71d2603caad084fde335
- SHA1
  
  ad36e19921b3e0b702578c2ce13dd59c0945e7e6
- SHA256
  
  d2e763292ef4a13882824d3f509f8dd643ed9c9664f4ee08ebf5fb0885a9cece
- SHA512
  
  558ff342f81f7929a7e380ddd5d0c7ee5423917578baa17d0b870c9e1b802afadd5c8c3195f27a1200920d366e1061f1b71f9178ecfcbb567cdd516ccf74b555
- SSDEEP
  
  6144:J9n5ssybeB1lbjN2t3/hd840jtkXMxoiRpWA9:JJ5/y8js590jFRIA9
Score

10^/10

ardamax discovery keylogger stealer persistence
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2024

Terms | Privacy