ardamax | dd2976c27594b4e40b7dc06e54d8b2f543db95a6afdd7115989aad71b228bf20 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...fc.exe

windows7-x64

JaffaCakes...fc.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_28d737c36a5928f9905fbcbfc3f176fc
Size

596KB
Sample

250125-gtv5esyrc1
MD5

28d737c36a5928f9905fbcbfc3f176fc
SHA1

7cadb3cedeaa6141bdd8d00273d5de0097737bbb
SHA256

dd2976c27594b4e40b7dc06e54d8b2f543db95a6afdd7115989aad71b228bf20
SHA512

45668a4cde97e989505ae6616734e9c6b8bd8720e543da3bfc7a08dae40c742ea73f1d660ab63a4eebe8315b42ce55fcdb542ce1b05f5c54273d560cb8c840d6
SSDEEP

12288:F1PFlJSZtV0IpS2NZ+CzNhhd/JF2r10pnbyZa2FnZJS/tyPgdgUJP:PNOZLJpS2BN9R2pZJOtyeP

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_28d737c36a5928f9905fbcbfc3f176fc.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_28d737c36a5928f9905fbcbfc3f176fc.exe

Resource

win10v2004-20241007-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_28d737c36a5928f9905fbcbfc3f176fc
- Size
  
  596KB
- MD5
  
  28d737c36a5928f9905fbcbfc3f176fc
- SHA1
  
  7cadb3cedeaa6141bdd8d00273d5de0097737bbb
- SHA256
  
  dd2976c27594b4e40b7dc06e54d8b2f543db95a6afdd7115989aad71b228bf20
- SHA512
  
  45668a4cde97e989505ae6616734e9c6b8bd8720e543da3bfc7a08dae40c742ea73f1d660ab63a4eebe8315b42ce55fcdb542ce1b05f5c54273d560cb8c840d6
- SSDEEP
  
  12288:F1PFlJSZtV0IpS2NZ+CzNhhd/JF2r10pnbyZa2FnZJS/tyPgdgUJP:PNOZLJpS2BN9R2pZJOtyeP
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy