ardamax | e4d95be483d87f25db57da7bf5f280583803140f7419ba6692564e685926d1d3 | Triage

Sharing

General

Target

d1b6223c9444283f76758dee7bcd907d_JaffaCakes118
Size

756KB
Sample

241207-lcv6basjem
MD5

d1b6223c9444283f76758dee7bcd907d
SHA1

73648b62774211b9c8b0cf66f3919a01df4b5dea
SHA256

e4d95be483d87f25db57da7bf5f280583803140f7419ba6692564e685926d1d3
SHA512

e20e24d272b3bd68a39f8a790fa1f38e417814d651fb35efeeec2c330acaa8877cd94b75b850b6bdc8c1dcda2fe52b8473fb8c16a741685cdeefde31845fdc5a
SSDEEP

12288:WGe6ASVjW+ewWqhIJ0JiUBxq4h6gX4+J68w+j/xucLX9R9otMtrhg3Indzc6Mq:86ASVC+oMIJaDBlh6gIfaDxumtXeeFd7

Score

10^/10

ardamax adware discovery keylogger stealer

Malware Config

Targets

- Target
  
  d1b6223c9444283f76758dee7bcd907d_JaffaCakes118
- Size
  
  756KB
- MD5
  
  d1b6223c9444283f76758dee7bcd907d
- SHA1
  
  73648b62774211b9c8b0cf66f3919a01df4b5dea
- SHA256
  
  e4d95be483d87f25db57da7bf5f280583803140f7419ba6692564e685926d1d3
- SHA512
  
  e20e24d272b3bd68a39f8a790fa1f38e417814d651fb35efeeec2c330acaa8877cd94b75b850b6bdc8c1dcda2fe52b8473fb8c16a741685cdeefde31845fdc5a
- SSDEEP
  
  12288:WGe6ASVjW+ewWqhIJ0JiUBxq4h6gX4+J68w+j/xucLX9R9otMtrhg3Indzc6Mq:86ASVC+oMIJaDBlh6gIfaDxumtXeeFd7
Score

10^/10

ardamax adware discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Program crash
behavioral1 behavioral2
- Target
  
  /tbu05006/autofill_plugin.dll
- Size
  
  148KB
- MD5
  
  b7713a243e845d4a94e660609cb38184
- SHA1
  
  ed0fe02af87bf34fc42772a64810dfcf358be1c8
- SHA256
  
  64a5d90a5acdba9cda5ffe1ea4065b120b7a137300efcf12a0b2a9a3e6861ee8
- SHA512
  
  fc984fce63387c164273e8be57eb8005e92b9246e061bd298e9297fb16559851ef1abac180f7e11c3d7ccdefd2b1a67ded39aaaedd689b87731b8cc7cc8c6ab6
- SSDEEP
  
  3072:Mhqisxv7WAybcmuxKhygz/bBSIKQ4tvgFm8G3:MhqiGW/Avxe1SIotVr3
Score

1^/10
behavioral3 behavioral4
- Target
  
  /tbu05006/custombuttons_additem.html
- Size
  
  5KB
- MD5
  
  3753249e9cf870545aff904c351c62ad
- SHA1
  
  e08a78cb7903664c0776a1d5a07455485b2697f7
- SHA256
  
  78e02ba3d6d60f44ebd5d9fb6b8c26df8326b87c4cfe76c3334bf50511c397b3
- SHA512
  
  0c3a866f141c764dabed73c222416d919419ded396cb99b1bdaab77ec166fe09f8142dbb59727793109ab2ea1f752562752763390911e8677c81cd58492a4d2a
- SSDEEP
  
  96:4CQTpIxbZAMAEGMAIoRuaMMLSPMMLj5MAKVWMPAPgMDtGvN7m4Ny1CP1EhKXTM9a:oTp+5HBNmdT4507nNgIXTQiqz3Dphbfo
Score

1^/10
behavioral5 behavioral6
- Target
  
  /tbu05006/custombuttons_imageviewer.html
- Size
  
  1KB
- MD5
  
  4ce770a6e20bdd5b57fc406edb5e5c9d
- SHA1
  
  7a97843c871549281295c2f11a1888fd3628b515
- SHA256
  
  3a4bcea74e23b899ab3b7a99b2d046b2ad36959314e0c8d3d44e811340b2ec65
- SHA512
  
  b745a2a836b7cb16e7a4c8144030485f7a48da574c0fb0f004e9643cfdb6fcd1a8ff11e54d3fee70caca7c87495752f458873f9e52fda08f6470a95ab6ccc94d
Score

1^/10
behavioral7 behavioral8
- Target
  
  /tbu05006/custombuttons_list.html
- Size
  
  14KB
- MD5
  
  f31221ea317f96dccd0f80a714558a51
- SHA1
  
  b709a1ea654033b26681e00ba9d3380b5fc1c1f5
- SHA256
  
  0728809962454119fd73117905c66b3652b2fbe780b01721abb2ce57eb767342
- SHA512
  
  825116590d183b4cb1bb3bab8ee45e59c84d4d4b2bcf64d2cb33c1589e3d2b1175e14c84c22a99aac2a8b2f4d805290d2d4d8216339084b5c2f4b32235428b83
- SSDEEP
  
  192:7cJHj+kpIp07ZNg9K6Qiqz3JaACY9UzAqd9UmIiCin46iRio6IchksskAO3smV:WHup00EfmgWzAoWxiCin46iRio6akAiV
Score

1^/10
behavioral10 behavioral9
- Target
  
  /tbu05006/custombuttons_menulist.html
- Size
  
  17KB
- MD5
  
  d096c647f6a3d1f38af0cca88ea8f8ac
- SHA1
  
  eb1cfc986d02ea61148204c4e3e3e4d8528485e7
- SHA256
  
  9c0c46dcdd6a76c0c362f36734c6ae046a498f14dff3ae62064249ee5fd1029a
- SHA512
  
  46b9852889fa1a887f5b0c340ed66cf9f154252f8248076a67d34631ce67755171c0cdd42383166e929ac1a9e28a05a85398636afcd491b24e505449323fd1ed
- SSDEEP
  
  384:WEAYHPMFL0lEztXF4FQiCin46iRirdm6iMUAmb:+0litF4Ftrn4jYojN
Score

1^/10
behavioral11 behavioral12
- Target
  
  /tbu05006/msvcp60.dll
- Size
  
  392KB
- MD5
  
  cb21d826d9c39aed19dd431c1880f5de
- SHA1
  
  6eafcc2fdfdf73abea334ac7afb903829f6ff2a6
- SHA256
  
  f1fd0f1a54f196b19a6f21044092c89c02353dad173c236d80f6474cb8a7ea7f
- SHA512
  
  d4223a0ad6118b1dae8505ad4675f6e87e4fa9ebca6fdbe2ee3f0ea868ced15f07fb5ae2d9a41d8992a9d41a9bbe4b16f7ac6eeb1c99324ed8fa3a8fc47af150
- SSDEEP
  
  6144:JMwHMqYtDOVeHYL5TQUHJ/MrfIbIq3OoxHkCJ02s5lx:SvqYROVeHYFQUVMrwMq3OoxHkCrY
Score

1^/10
behavioral13 behavioral14
- Target
  
  /tbu05006/msvcrt.dll
- Size
  
  284KB
- MD5
  
  e054edafdb3997d84201275a743488ad
- SHA1
  
  2df120342d1befe0329d4941a60a3205fee5e597
- SHA256
  
  11b2e109ba8012d8ddcee1dd8b6ca060aedccbb60663f964d34d4ae50449d105
- SHA512
  
  f58549d4900e996637880685b4d6e69318ee7d1ff229a1e3931c226ffcf9f6d2375713ad5587a58dccf36257b13901231f523116ce54b4587d254a579301e713
- SSDEEP
  
  6144:8yI9u9n5KfEXLIwK+MdM7CdgH8i8/MFMgiFjNr7mcl20t56u:L2QncfEcwK+M67CdgHU5Uzyt
Score

1^/10
behavioral15 behavioral16
- Target
  
  /tbu05006/snipetoolfull.dll
- Size
  
  532KB
- MD5
  
  168160f56873fbd542d0f3870609fbe5
- SHA1
  
  c2f142a14b8f1c512f452e9ffc82a756985e2c01
- SHA256
  
  ff8c2c025efe03bec848bf614e752f44fbcc2ef6e3253ef4e45fa86da015bb89
- SHA512
  
  58edab6c072bc946fd807be66d22535352ffda54858659a350c4b03b0614cfd7776cd2b21c87b977a6a2df3ce1d2a89d191c649a8772b32550ca94e18c92f33c
- SSDEEP
  
  12288:vEbKY0V8/QEyUXCOxlhGZufkRoTuUPha8vBp:viKIbS+hHk3Kha8vBp
Score

1^/10
behavioral17 behavioral18
- Target
  
  /tbu05006/spyrem.exe
- Size
  
  280KB
- MD5
  
  d464b9ca5f771d88c6b2a2b7ba359aac
- SHA1
  
  c401a9e54bac45cd87aa70c83abd0e193fc47d0e
- SHA256
  
  d7fdb53aec3090b81881ee63c47c3f766a25245afd892026b96dc82eea5d21e3
- SHA512
  
  9de2566e953eca760d86978feda5e51a9a1ca0f75b0347b8483ffe3bd80e96ba2ba52570476df0550b23851991360b631b6f3cdc8c4ab8ee1ca565ae4afc4a54
- SSDEEP
  
  3072:caD1ATqbXt7aMwOCuMAeWAhohG+Ccv1oQT/Hq3R3GJd67ZI:caDmTcZXwRAvGbcvtHAh8dcZ
Score

1^/10
behavioral19 behavioral20
- Target
  
  /tbu05006/tracert.exe
- Size
  
  10KB
- MD5
  
  9b4976f23d26be71ead311dc13184a73
- SHA1
  
  fac39f5597afaf4a0c60e0618847bcb64a6a5f74
- SHA256
  
  5c9a1a4b1d3877762aaefa806c67b1b7382bb8dc0619ba1954af9d1056151e6c
- SHA512
  
  f2afb8461a2afb68ac7e9143611dea71561e26af3243f2af7c153be43a176d6a6f39f68d13c3f8057075e2ffb29a64cfe51605d83fd3a7506e8b5d4f623420c2
- SSDEEP
  
  192:aZu5rwy5xEH+x+bEq+PWJfM4N0kRrWx0W5OT3ZjddvIVK5VF:a6RxES+bEq+2M4N/Wx0WUMK
Score

1^/10
behavioral21 behavioral22
- Target
  
  /tbu05006/tracertsettings.html
- Size
  
  3KB
- MD5
  
  86a6a5fd8128a2cf8401d7cd84525581
- SHA1
  
  ff02ab29b6ba344ace4c62b807b5b87167fd876d
- SHA256
  
  63da9d985a598aaa5c5d4e5e5e7569bd64b3877f73aba371b8ec72565900b7d5
- SHA512
  
  df9a951f25610a29a48da3625206afd9fc03cb4fbcf1b9ef65a9dfc78442e062e3250e3451d9163addce7a385ecd544d26065153e20b400970ca873944ac59d8
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxadwarediscoverykeyloggerstealer

behavioral2

ardamaxadwarediscoverykeyloggerstealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24