ardamax

General

Target

JaffaCakes118_664a7b6a42db1aa240199053562ec5f7
Size

274KB
Sample

250130-y87v7stper
MD5

664a7b6a42db1aa240199053562ec5f7
SHA1

b7af2bafba743e331eaf796358e5187e7f26791b
SHA256

fb74318d0c0cb92de0ef47bf0466cf4c639f1618c44618d48ad3af1c9834afbc
SHA512

98e49ebb8f6acc3d198092feccff6ae5fce1c096d1e3d7bc187a113f19317c666f2ee41eb952675be823f760b3d33a2eedd8bdc9b88711bec2b147467f1372b6
SSDEEP

6144:dmpyGI65PQOl/vVxo05nj7AbfizLwLcEFFtzdiWGYljkx1:dmaOl/txD9PAKLwLcEFtsWGQj81

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_664a7b6a42db1aa240199053562ec5f7
- Size
  
  274KB
- MD5
  
  664a7b6a42db1aa240199053562ec5f7
- SHA1
  
  b7af2bafba743e331eaf796358e5187e7f26791b
- SHA256
  
  fb74318d0c0cb92de0ef47bf0466cf4c639f1618c44618d48ad3af1c9834afbc
- SHA512
  
  98e49ebb8f6acc3d198092feccff6ae5fce1c096d1e3d7bc187a113f19317c666f2ee41eb952675be823f760b3d33a2eedd8bdc9b88711bec2b147467f1372b6
- SSDEEP
  
  6144:dmpyGI65PQOl/vVxo05nj7AbfizLwLcEFFtzdiWGYljkx1:dmaOl/txD9PAKLwLcEFtsWGQj81
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2