ardamax | be672b81417c03e2f1a2bda96f61bcd9f46c4ad28d7ca6c12dc29c576644e7be | Triage

Sharing

General

Target

dd8a7e771ed9a9d628ad15fddb03f604_JaffaCakes118
Size

292KB
Sample

241210-hsjwfaxpht
MD5

dd8a7e771ed9a9d628ad15fddb03f604
SHA1

b44fcee9a7d0e20286e677ff335af76d056c1b21
SHA256

be672b81417c03e2f1a2bda96f61bcd9f46c4ad28d7ca6c12dc29c576644e7be
SHA512

90ad062f621ebde48706a6dfb88d7607812799c3442d811c14b8eef496975e765866fbe059436eea991755c0c9be3f26d7a65a6ffa97d644e5fb3b1c3bc3bfa6
SSDEEP

6144:pG68Z4OME1tOvTtBKg8D+vjmu1ncBplp8yQauC/zPqkWDl7Fg9R4:pe3tOvTtBfjmuRMp4WuCbPIBsR4

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  dd8a7e771ed9a9d628ad15fddb03f604_JaffaCakes118
- Size
  
  292KB
- MD5
  
  dd8a7e771ed9a9d628ad15fddb03f604
- SHA1
  
  b44fcee9a7d0e20286e677ff335af76d056c1b21
- SHA256
  
  be672b81417c03e2f1a2bda96f61bcd9f46c4ad28d7ca6c12dc29c576644e7be
- SHA512
  
  90ad062f621ebde48706a6dfb88d7607812799c3442d811c14b8eef496975e765866fbe059436eea991755c0c9be3f26d7a65a6ffa97d644e5fb3b1c3bc3bfa6
- SSDEEP
  
  6144:pG68Z4OME1tOvTtBKg8D+vjmu1ncBplp8yQauC/zPqkWDl7Fg9R4:pe3tOvTtBfjmuRMp4WuCbPIBsR4
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer