ardamax | 13a9a83e4ec878108d47579ccd31dba1aef7c19914508fabc06de056f4ed9a49 | Triage

Submit
Reports

Overview

overview

Static

static

3

Flash.exe

windows7-x64

Flash.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_1d80cf3f2d1dfabdeee262aec5419f43
Size

2.6MB
Sample

250124-dyz3dsxlcz
MD5

1d80cf3f2d1dfabdeee262aec5419f43
SHA1

4f3b3fc32f42711c62a14976745834ab3434df01
SHA256

13a9a83e4ec878108d47579ccd31dba1aef7c19914508fabc06de056f4ed9a49
SHA512

195c56927ce44d61fc8b245db51ce1e3c707f8245465b29a498532487a15c1d6c929f97fbfaab48ed9fd8d093f25cd4f57b36e118ca67b727be56eb8d5a6650d
SSDEEP

49152:4n4vRZESjKqFsDDgcB1wnu0H3VnH4GNyT2FpsXGzOosj4TiYb:SicB1f0X9H4ayCFpsDU/

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Flash.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Flash.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Flash.EXE
- Size
  
  2.7MB
- MD5
  
  68596193b287a9ff66b1406b2dbe2309
- SHA1
  
  30a1fcb6fdbcf1bee0f4213dd5321906b79c5536
- SHA256
  
  019fcd5f000365cb5b14ffaebce10edafa69ce0cb66637ed338de084a7fdd006
- SHA512
  
  7316aca68bd0f3891f5f5d8b154b9cfc477214c8941a0be008d7fd241c508bdb4bb1a81d92d66cc658144e4f3da6a29be6aa4293e1570786248bb1355bf7ba2b
- SSDEEP
  
  49152:29L+blz0SJWCxWBrg8B1wva4Hpjnt4a7szAFpQFYzK22LSJ282:2XC8B1r4Jrt48s8FpQHea
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy