ardamax | df9c583129bc830f46601ea808deb093d46e49e43c42eb0e3afd986314e01cf2 | Triage

Sharing

General

Target

b457ae6a65aa26ec9ac95ee10e93de7a_JaffaCakes118
Size

271KB
Sample

241130-b6s8ps1kak
MD5

b457ae6a65aa26ec9ac95ee10e93de7a
SHA1

03f39a22eb76b58f01215dd518c412d079d71123
SHA256

df9c583129bc830f46601ea808deb093d46e49e43c42eb0e3afd986314e01cf2
SHA512

2e093e7891f8024be8b9cfacfa3eb71d2a8149001f4fe9514c1c086a87ba06504ac0338390a422e260597e7c6ed3297c630b9a51627379abcff1f843e0351b89
SSDEEP

6144:dlG6BnTFhsvi9wu+bfEz2k4+jUXUm2dMbYVACCuKADd6tV:dlTJWviB2kBjUX9GMbYzC5AeV

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  b457ae6a65aa26ec9ac95ee10e93de7a_JaffaCakes118
- Size
  
  271KB
- MD5
  
  b457ae6a65aa26ec9ac95ee10e93de7a
- SHA1
  
  03f39a22eb76b58f01215dd518c412d079d71123
- SHA256
  
  df9c583129bc830f46601ea808deb093d46e49e43c42eb0e3afd986314e01cf2
- SHA512
  
  2e093e7891f8024be8b9cfacfa3eb71d2a8149001f4fe9514c1c086a87ba06504ac0338390a422e260597e7c6ed3297c630b9a51627379abcff1f843e0351b89
- SSDEEP
  
  6144:dlG6BnTFhsvi9wu+bfEz2k4+jUXUm2dMbYVACCuKADd6tV:dlTJWviB2kBjUX9GMbYzC5AeV
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer