ardamax

General

Target

6f7708a440a47ce2491ae97e6f85bfcc_JaffaCakes118
Size

806KB
Sample

241023-r4v8aaxerj
MD5

6f7708a440a47ce2491ae97e6f85bfcc
SHA1

6817471fa80703f6e87f0cdf5a977730966ebb52
SHA256

dcbc1479ff0f0dc4eeb8ced0237c18042f0b0396fe4c4de74336ed1e9fa2c3a2
SHA512

44e0ecff21522394103964542a3f217d65ca814ee8da104d96f42cdd3a3f9525c40f2c37026809825eef4b43380e0fba6b3971d0bffb6c19d1990925d3d842ee
SSDEEP

12288:5xAveq3DxzlsUjbnoUi+zpKWGbOwj0Slh+mViKTitwR18XDTpySdT:/9AJWAbdJLGbOwjUKTyDsSdT

Score

10^/10

Malware Config

Targets

- Target
  
  6f7708a440a47ce2491ae97e6f85bfcc_JaffaCakes118
- Size
  
  806KB
- MD5
  
  6f7708a440a47ce2491ae97e6f85bfcc
- SHA1
  
  6817471fa80703f6e87f0cdf5a977730966ebb52
- SHA256
  
  dcbc1479ff0f0dc4eeb8ced0237c18042f0b0396fe4c4de74336ed1e9fa2c3a2
- SHA512
  
  44e0ecff21522394103964542a3f217d65ca814ee8da104d96f42cdd3a3f9525c40f2c37026809825eef4b43380e0fba6b3971d0bffb6c19d1990925d3d842ee
- SSDEEP
  
  12288:5xAveq3DxzlsUjbnoUi+zpKWGbOwj0Slh+mViKTitwR18XDTpySdT:/9AJWAbdJLGbOwjUKTyDsSdT
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax main executable
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax main executable

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2