ardamax | 6c66f3a11f7877469bcc764c8d87173708ee866eb5dfb9459f4144c4874d6c1f | Triage

Sharing

General

Target

74d8a2d88572e34b7af2ab623cadf49a_JaffaCakes118
Size

2.0MB
Sample

241024-yw247asgka
MD5

74d8a2d88572e34b7af2ab623cadf49a
SHA1

10cc10249395ab40fccacbf7bdb8d499eee7fc75
SHA256

6c66f3a11f7877469bcc764c8d87173708ee866eb5dfb9459f4144c4874d6c1f
SHA512

e127d16c920d49d542c279aa31e9645863b629a7c32daacbb595a61f5de8bef53305bf1dba801ffea5d0d1a3700e9f25e3a66e5079d7462dc30d21c86a4e2b65
SSDEEP

49152:KHLa3ZVW4zUFJNQ6TvNXj5CYOGHSUKdiEbn:Kr0bzWdvNlCW7KR

Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  74d8a2d88572e34b7af2ab623cadf49a_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  74d8a2d88572e34b7af2ab623cadf49a
- SHA1
  
  10cc10249395ab40fccacbf7bdb8d499eee7fc75
- SHA256
  
  6c66f3a11f7877469bcc764c8d87173708ee866eb5dfb9459f4144c4874d6c1f
- SHA512
  
  e127d16c920d49d542c279aa31e9645863b629a7c32daacbb595a61f5de8bef53305bf1dba801ffea5d0d1a3700e9f25e3a66e5079d7462dc30d21c86a4e2b65
- SSDEEP
  
  49152:KHLa3ZVW4zUFJNQ6TvNXj5CYOGHSUKdiEbn:Kr0bzWdvNlCW7KR
Score

10^/10

ardamax defense_evasion discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer