ardamax | f5bd7c5997a98ad3559e3623cf99985388e0d54d970dee47228310f8aedc33a9 | Triage

Sharing

General

Target

f86e171dfbeeba073ba27e34b2de529f_JaffaCakes118
Size

3.3MB
Sample

241216-lq4dvavmhy
MD5

f86e171dfbeeba073ba27e34b2de529f
SHA1

2a19b3763ff4f233f59d4ecf9d49f9f0edae276e
SHA256

f5bd7c5997a98ad3559e3623cf99985388e0d54d970dee47228310f8aedc33a9
SHA512

5d1a5f4f3bf0cd14a5640482dee7731d4f696733e7be92c55af4abc18d6183ae8ec2d2ccb7c808331f9f3c889eb230dd036243736599b411c331e08baca89397
SSDEEP

98304:7j7YthaAZ0x2q3j5oqBuJDPkIzZx6DnlY:H7oha7X9oz4IzD6RY

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Targets

- Target
  
  Ardamax Keylogger 4.0.2 + Serial/setup_akl.exe
- Size
  
  3.7MB
- MD5
  
  95a6c69fbfd7e0d1ac7690a0f30bc9a5
- SHA1
  
  1fa1f827c8d071c1acf4febdecc6bb69fc7b88a4
- SHA256
  
  a194ad107256b7783b2b82f512468c44743f708e57f1784b4e89b817b39ae019
- SHA512
  
  c79ced7b3f1a23e1bbdb4c05b9e319312b5d7e0044759a4b6f4bb16407920ed1329a865f08a1f98811c76a47937b6ba9d9209bd46a5c8466aedab0f5b7a5e922
- SSDEEP
  
  98304:2IMVXIWgIfWo92sB9W17iq99DOQxrBa9KSQh4xCd5wGBhIRkfYha:2L44fW+jB9UiC97Z4KSjx0wyO
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer