ardamax

General

Target

bc98eb45f61df303243ab468a6b37672_JaffaCakes118
Size

407KB
Sample

241203-kmfypstkdr
MD5

bc98eb45f61df303243ab468a6b37672
SHA1

cde4984c768bd308caa2e7e6ac36a04056f508af
SHA256

5daaaa06072b6fb686b65ee3e5c3b003bf638b159c016a5df693d5d88c991cb3
SHA512

315a0e71460563e21c373ed4b3702df8d77bbe073fe548bbe730e585d3459782c1a4358f817abb49febc37c403fd7843976dd748d0ca5deb61a53c2f4a11fe0f
SSDEEP

12288:E3axEwt22zTNybUfIBYzRi1y9Tn6P727c:E3arjzRGAIBXQn6P72Y

Score

10^/10

Malware Config

Targets

- Target
  
  bc98eb45f61df303243ab468a6b37672_JaffaCakes118
- Size
  
  407KB
- MD5
  
  bc98eb45f61df303243ab468a6b37672
- SHA1
  
  cde4984c768bd308caa2e7e6ac36a04056f508af
- SHA256
  
  5daaaa06072b6fb686b65ee3e5c3b003bf638b159c016a5df693d5d88c991cb3
- SHA512
  
  315a0e71460563e21c373ed4b3702df8d77bbe073fe548bbe730e585d3459782c1a4358f817abb49febc37c403fd7843976dd748d0ca5deb61a53c2f4a11fe0f
- SSDEEP
  
  12288:E3axEwt22zTNybUfIBYzRi1y9Tn6P727c:E3arjzRGAIBXQn6P72Y
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2