ardamax

General

Target

ad86bab0367ee08b0ec25fd11c9abd24_JaffaCakes118
Size

181KB
Sample

241128-zgvl8svram
MD5

ad86bab0367ee08b0ec25fd11c9abd24
SHA1

b9b036f357807cf0df196604a121e3187669bbe5
SHA256

6999a7cd0f68e943ae599e847fb923ffc86383a015a2d2d6f8a7d047951cc154
SHA512

3495d3865a560c22ef9475a3cd5e74b5766ee358e58fc65fdde86c99927548d0a8d497d95202988624a136b7cdf14cad94d6b58b56256395370083a3ff78f3f6
SSDEEP

3072:/ONQRnks2NpaHrojQESAOlgpWKFETRj2ymLvsAPyLlgVZgAsbflS25yYGO2JEOWG:HlLoczflg7yTRijLkAPy/NDU25mYWh

Score

10^/10

Malware Config

Targets

- Target
  
  ad86bab0367ee08b0ec25fd11c9abd24_JaffaCakes118
- Size
  
  181KB
- MD5
  
  ad86bab0367ee08b0ec25fd11c9abd24
- SHA1
  
  b9b036f357807cf0df196604a121e3187669bbe5
- SHA256
  
  6999a7cd0f68e943ae599e847fb923ffc86383a015a2d2d6f8a7d047951cc154
- SHA512
  
  3495d3865a560c22ef9475a3cd5e74b5766ee358e58fc65fdde86c99927548d0a8d497d95202988624a136b7cdf14cad94d6b58b56256395370083a3ff78f3f6
- SSDEEP
  
  3072:/ONQRnks2NpaHrojQESAOlgpWKFETRj2ymLvsAPyLlgVZgAsbflS25yYGO2JEOWG:HlLoczflg7yTRijLkAPy/NDU25mYWh
Score

10^/10

ardamax discovery keylogger stealer upx
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2