ardamax | 63f0a08fb12e0d2499086709c24fdd9828c47c73b2611eedafbd3ee224f1de24 | Triage

Submit
Reports

Overview

overview

Static

static

3

ArdamaxKey...18.exe

windows7-x64

ArdamaxKey...18.exe

windows10-2004-x64

Sharing

General

Target

Keylogger.Ardamax.zip.zip
Size

778KB
Sample

241122-bpbmbsxmbr
MD5

f91529dc4e52f9988067735bdc80d07f
SHA1

1cd59d1311e6dbbc7135d69841a13fa74ca2b07f
SHA256

63f0a08fb12e0d2499086709c24fdd9828c47c73b2611eedafbd3ee224f1de24
SHA512

e3952506b4abfe605b577c2e50a5832f1eebef32b30a271d2ed55595bc27ba0691101297ec043afd02107cb2641a53e45132884c9956d47279f5768f82e5e21a
SSDEEP

24576:VWl35JV6RDgiYYmvZCRXbg+JI0sVs8dzTP0zmM:klpKRD3Oa8+JIJ3IzmM

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18
- Size
  
  783KB
- MD5
  
  e33af9e602cbb7ac3634c2608150dd18
- SHA1
  
  8f6ec9bc137822bc1ddf439c35fedc3b847ce3fe
- SHA256
  
  8c870eec48bc4ea1aca1f0c63c8a82aaadaf837f197708a7f0321238da8b6b75
- SHA512
  
  2ae5003e64b525049535ebd5c42a9d1f6d76052cccaa623026758aabe5b1d1b5781ca91c727f3ecb9ac30b829b8ce56f11b177f220330c704915b19b37f8f418
- SSDEEP
  
  12288:0E9uQlDTt8c/wtocu3HhGSrIilDhlPnRq/iI7UOvqF8dtbcZl36VBqWPH:FuqD2cYWzBGZohlE/zUD8/bgl2qW/
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2024

Terms | Privacy