ardamax

General

Target

JaffaCakes118_5b575566c36b34240af7edcec548f56e
Size

710KB
Sample

250129-ztz3gszjax
MD5

5b575566c36b34240af7edcec548f56e
SHA1

b9c840cc4099f9a9acc06c7a2c492941efb16214
SHA256

11ef5e8bc8535c90bf67ad487313fcf9db5bdf724c7f683e8f35b122f80b2fff
SHA512

3cd5f52af5eccaf9d802ef2ad355179d98fdc69af89df1a4406c3440bf6e6bf6436e41bfcebdbb8d263bb9f3b373b040cb7887ee3bec572c928b0fe9f3462290
SSDEEP

12288:QAQJXYEO6Q0g0SFFivT9fsIIBpBwxc1fgldJAcrT0tIMIxnbbDMObQG7nw:EQ0g9eT9URrX1fEAY8CrcG7w

Score

10^/10

Malware Config

Targets

- Target
  
  RAGNAR~1.EXE
- Size
  
  496KB
- MD5
  
  280c548e48051dd256fe9aa819b569e7
- SHA1
  
  ffbec20fc4d2895c6d3d28f78a70d4c39676424f
- SHA256
  
  38426503e6797af6d0eba4b1504de5b4785548eb8c43f6e7c9320d11eacdf2cf
- SHA512
  
  9e84eb8551c5cf6b2ddedcff33bbf56cf021378b294f873f5ba7774a977919f78757ef501863ae15db94634a052a52c15d0ee64657b53869da4cbcb2d498d6c1
- SSDEEP
  
  12288:J6QJX4b8yQyg0k1FfoT9fsIITWBDxD1f4jBiRx1C+HdJAco:2Qygf6T9URKT1f0iv1C+TAX
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  xxx.exe
- Size
  
  539KB
- MD5
  
  0d2361786ac8ab9f426ac13c5c1d8118
- SHA1
  
  b7cb32d675c90bd8776a31e1d0f77145698c8b7f
- SHA256
  
  643d0fc4c7e7b062d1bdb9dd173a25e9ab8191c30420202a27c4c2f521d6e1ea
- SHA512
  
  feeee7ec9aae0e794cd2207d39e74c5482d128d6cf9b26d4e81cd99a0e2316f46bc8bf425e616a53e0b456760b6f6b73fdbab2a71b4c7362d1dff83d171d03e5
- SSDEEP
  
  12288:0nYalCGHckvIXYSCfOlw+Ch9VXbLGh53NS:qhl5cktBOlwldbqL9
Score

7^/10

discovery spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4