ardamax

Sharing

Copy URL

Twitter E-mail

General

Target

f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118
Size

263KB
Sample

241216-ccc53axqcw
MD5

f6c0e59d2bf4e3a26bffbc4f534c8398
SHA1

357acce7d203efc55ac3208c2750226fca39d034
SHA256

0aad85d84f05a4a15d601dde72683f809fed0373f57c99c4e4029d9f8e1d5ef3
SHA512

ed0f0fcfaf42cd3ad019591a11e1c926b75fa191a0683b59aab80124e8e32975fb1f9e2895762bf8189b2a8b1ced42984f448e89d7819709ea3474fce1dba503
SSDEEP

6144:uMre14YG/6rQ+u5efO+0mX16ahX/K0KwjOKPbenLBKln:u/S3/saoO+0mX16jeOaKLByn

Score

10^/10

Malware Config

Targets

- Target
  
  f6c0e59d2bf4e3a26bffbc4f534c8398_JaffaCakes118
- Size
  
  263KB
- MD5
  
  f6c0e59d2bf4e3a26bffbc4f534c8398
- SHA1
  
  357acce7d203efc55ac3208c2750226fca39d034
- SHA256
  
  0aad85d84f05a4a15d601dde72683f809fed0373f57c99c4e4029d9f8e1d5ef3
- SHA512
  
  ed0f0fcfaf42cd3ad019591a11e1c926b75fa191a0683b59aab80124e8e32975fb1f9e2895762bf8189b2a8b1ced42984f448e89d7819709ea3474fce1dba503
- SSDEEP
  
  6144:uMre14YG/6rQ+u5efO+0mX16ahX/K0KwjOKPbenLBKln:u/S3/saoO+0mX16jeOaKLByn
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  "MT.003"
- Size
  
  4KB
- MD5
  
  de3f9e4f680ff22e8712fa9b32ff85ee
- SHA1
  
  0cc885ed6502b3b610af57ee2095410751d9dd78
- SHA256
  
  477f789ffe931ee11197de814231fdc770e6e6c1e94b0fec5bee0adecd32dd03
- SHA512
  
  daf04bb16fec1130dc08e72b7f28b0041b2eb78900e1464e15f1e20e1705a0de24d3df0de8111a42aed03d73db6f8eb5e30c87f34b4a745d4aa27d84e09d9f90
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  "MT.004"
- Size
  
  15KB
- MD5
  
  3f4b9be93474fa94d31a0dbc0e10dfac
- SHA1
  
  ae15fff1486196e75c4722eb85be9506a588d23c
- SHA256
  
  7585c98dd58c7a79042a3fcd4a3c5499475cc803674272b2c4e2c57d6004b753
- SHA512
  
  b3619a4edeab49f1c6f57aa29f64cddd35eff54a5df41a8f645116bc935eb863455c743bec27349cf5e7e44ce03fa891c51c66ca5adaf2ce2841b61febce862e
- SSDEEP
  
  192:F+LGzyW+oSqaKwQ8VzWixqiUgHgUrXYVxYqbB7LGSuFqWA1FoynYkvCSbi:F0GzE41wQ8VzWijDHdrXmJSx41FS2C
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  "MT.006"
- Size
  
  4KB
- MD5
  
  1153fe5fbe61266713539cae72d87ad3
- SHA1
  
  245047d3d158f4eda34290ed22e4bb13a28f9539
- SHA256
  
  3b2700a8033916afd0e89ab5519702720f35b94a570ebe865df113f2aacda16c
- SHA512
  
  24058cdebaf8ccfc00622301927b221116b846c2a8acf8f0935ba30e0d716bfecd6ab07aaf8d93030ec2149ee98eec5f6d2395ee8a1a62ad00e07124447c107c
- SSDEEP
  
  48:ai+n/3IfmxnChbP4LzohfO55+AAc+NJGrijq:Qn/1shbezXL+AAcSwr5
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  "MT.007"
- Size
  
  6KB
- MD5
  
  049989542b610261bde51aff6b71d4aa
- SHA1
  
  22de68b6548faf1ec1b52f14a1f197fa5152babd
- SHA256
  
  48cabcd5da354d4018809d12ca445c4c6324250f22450aca04222c214b9ae42d
- SHA512
  
  8cc0cb8167598e50a91230061cbe12d0d724151dc454f6cf0dcd5074efc704602796a9a136e53f609a6d54ad6c468aff2db263ad72b4b7d7febd32656eece34c
- SSDEEP
  
  96:Um59JuAtqDsKVbpNsIGNgDLYJ/hdvvJ969J2+s8VHPnf:UmEAtqYOFNDG6DLYR/az2+vtPf
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  "MT.chm"
- Size
  
  29KB
- MD5
  
  d7113eec82c29b6bf795ed39d427c2d9
- SHA1
  
  43a8bfc625f4e08acf0c3b1eda048a3773b81f0f
- SHA256
  
  48ec4ae533e6ed162ed2c89985c0c85cc9c240ef3932338b53eca4914a3a4685
- SHA512
  
  089f94f5e2a25859d1d65293b823b6074cae76fe9fbea75afa0cf04329dffca1ee83c2f497c4008c365e5ba8b0bcd10dda283a2e4f4dc4d3ed2dc591aafa9fb8
- SSDEEP
  
  384:M5rmG+jfpeQtndBDm6o7XNzLHDYQ/fAoNw+7YaE990QsCNF0oeK:M18bDdi7tTkQlb7JCN6nK
Score

1^/10
behavioral11 behavioral12
- Target
  
  "MT.exe"
- Size
  
  231KB
- MD5
  
  79c6903c4794af027053331946137b26
- SHA1
  
  b688916709014fc874c5b7870553105a9961c652
- SHA256
  
  f3cbf3dd3f229f6119a8be5357959b77af1a43f9d568a7febe9a06f7593b20ed
- SHA512
  
  ac28813dcdc38ff1b0736b1673ced7e35d7da5667b0224b88952908564373ae61aff1b0f03d27e40b613559c8d4e37c402269791db2ed1311f62d069a2e5111e
- SSDEEP
  
  3072:MPPARFB6mhJmiL1qlYp59IGLZRABmSJoc5/lQ0ixq0YWrecpqlKNb/aGb:06/h0C4656GL0fD/T10bxZkG
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  AKV.exe
- Size
  
  164KB
- MD5
  
  8d203326b01bd2727e59f3c0c067af79
- SHA1
  
  77c12f3a6c379fb240c123381b85021b3f0e2b73
- SHA256
  
  830081bb73acd2068fa34ae5d65c5fecaac8772e264e7dc6e5ff6401f073d97a
- SHA512
  
  a655234055c9f053ee50f6e8b01d3ff9ce7ccd00596b172c1087a5ab4b99e8ac3b51588442944694bc0de776e5a4da22e2a3adde060db74508d535fd1a9d3e5d
- SSDEEP
  
  3072:CopKdd72L34c/RnCG0DgI5CAd6KQ9KNtol8Gbpz+A1l:Vgl2L34c/RSgI5Ps9jpbpz9
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  44KB
- MD5
  
  eb0481a12d4fc1520d5f4b1222aee33a
- SHA1
  
  ac644d991127d8eacb03f2f2434481b27069f3f9
- SHA256
  
  862d49b9ee0d7e1f8d015ce8c5044ca67b2e64e481503b7a87abd66dca9b38dd
- SHA512
  
  a8355d1d95955edf5432b263130438e68d65820271260343c8785c45fcb0534f8935e237fba6e6f459484c009fcaf86eb0ad053ee58284aea0b1679e8faf254d
- SSDEEP
  
  768:SVSO0QdGLkD8HYayXJMIBImhiPbvu9/vHtLE8JGlzJgfPiqLw:S0mrcYRiiVhOuc8JmkLk
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  qs.html
- Size
  
  1KB
- MD5
  
  1f8a533b1761fd59231b763303647650
- SHA1
  
  8f4f75b6b7228257b501c6b3f990d27c55ee1b7f
- SHA256
  
  1a962c7395d596113445b2b7fa0efd5bde4b64a413aa528daed9b7327aa2ae07
- SHA512
  
  f04535920dba1a820b1253c61b347bde4d14307258b1ecf866b9f481045cef074307500bdb1c4bb5bfe4f9a22811ba79df42f38141df15d3ae332b445095ad1a
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Adds Run key to start application

Checks installed software on the system

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22