ardamax

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef
Size

255KB
Sample

250131-2wmahsyqet
MD5

6e9fdbd85c3f5e072b9cbe6a5fe316ef
SHA1

231d7f60c403a39483731c76e1ad4f3e75dfde38
SHA256

73f84fd9e2c75fa1296a1b2b1c2bbc70892acb2cfb33a3c372cf047d6e650d63
SHA512

ad7164b14e12b822e9e784e1aaa7a0ea97e9076f321b735565f9a56cd882c6fc004c61b1297c20bd89b472718ca6ffc83577a2e79d3ce4467f4f26c2a22ff4e7
SSDEEP

6144:DMrpk9YeqVCVyMRi8D6/MynywM29rAXIHDZOS0qPyKMo/S:D0EFYQyWtSfBZrLHVoQyKz/S

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef
- Size
  
  255KB
- MD5
  
  6e9fdbd85c3f5e072b9cbe6a5fe316ef
- SHA1
  
  231d7f60c403a39483731c76e1ad4f3e75dfde38
- SHA256
  
  73f84fd9e2c75fa1296a1b2b1c2bbc70892acb2cfb33a3c372cf047d6e650d63
- SHA512
  
  ad7164b14e12b822e9e784e1aaa7a0ea97e9076f321b735565f9a56cd882c6fc004c61b1297c20bd89b472718ca6ffc83577a2e79d3ce4467f4f26c2a22ff4e7
- SSDEEP
  
  6144:DMrpk9YeqVCVyMRi8D6/MynywM29rAXIHDZOS0qPyKMo/S:D0EFYQyWtSfBZrLHVoQyKz/S
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  "AKL.003"
- Size
  
  4KB
- MD5
  
  b2428dc1f1a06ca137052bd3e4565bdd
- SHA1
  
  b16d0640f8a0af70d2ac43089b8df3afe3de8845
- SHA256
  
  0b9c70d6c79a70d1a1958b9c5c4fb88e56b8fdfae0d345721370706f083f4fef
- SHA512
  
  c2fcc8f90a2ec1abec1161c7235b004032cbe1bfe850e1d554a6371d3fd36c537d440cb413ac0517d7ed589fffcc97780a896174dcae5de160094edac0a276a6
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  "AKL.004"
- Size
  
  15KB
- MD5
  
  93b6218ddcaaa1958f98aa3210279569
- SHA1
  
  2e0c3e6c6d640a0ea22541d2b9e91dd93003a457
- SHA256
  
  dbc326869fb06d38b519132130e7aff6bdd62339e426346521e241215b8a73c7
- SHA512
  
  ef51289799d168f80973ad13c0b965153fe6db1412d6fe1bb801d5eefe339e63d1a6b58724fac4aaaf9c2f8f08198a5b2038febfbbb082d22fc5b6b829bbc589
- SSDEEP
  
  192:FpLGzyTNyGquKwYYVzWixqicgfg8nXYvYqbB7DGSubWZFoynYkvaSbi:F1GzANSJwYYVzWijbf9nXGJ60FS2a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  "AKL.006"
- Size
  
  4KB
- MD5
  
  626b46c466bcc63f2888dbe1bf7c07ea
- SHA1
  
  d6348cd2e7471c71940b22329057dabb6eb9b1aa
- SHA256
  
  447973833fe70c0fdfbde12b03af25c8e238b976703b3a349ce24db7bff6dbb3
- SHA512
  
  7ec431c583427b49e355299dbe7192c14fecb12b953e04e4844ced42b33618dd66d04b94dc811c21dae965801385d283572e6c164d6df89c392ee0bf045187f0
- SSDEEP
  
  48:ai+n/3GlffmxnChbP4LzoJfO55+AAc+NRGcRijq:Qn/WlWshbezXL+AAcS4cR5
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  "AKL.007"
- Size
  
  6KB
- MD5
  
  a7868b0f2d9c382d80019bcc2014b9c6
- SHA1
  
  f7f1a902bc83ee7d21e44add822c2746dba63e5a
- SHA256
  
  0fdb7ba1709a0fb29a1b6c0c5ab2c9efe24158054ffc9db0161218b29468755c
- SHA512
  
  8bcabe75ec0bfdefc22ff00deca0d63fb459622fc1fa7a9379e2f7e99ec75cfe2f76fb98b195ed40f050e56da1a2503dd7a9d551f0d66494349723686376d448
- SSDEEP
  
  96:U559JuAtqDsKVbpNsIGNgDLYJ/hdvvJ969Jhd+s8VHPnf:U5EAtqYOFNDG6DLYR/azhd+vtPf
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  "AKL.chm"
- Size
  
  29KB
- MD5
  
  d13ed324e027ab8a1360a3403edb5f9a
- SHA1
  
  acba2fb32c644d36f860779ecd3d481ee5e99412
- SHA256
  
  f2abc1144d03e723f68906fdfcc63bf7becff01ec34f66836ffe39e2ac79673d
- SHA512
  
  f9545687f07f758ded2118441ad3ccbfad71c1ba91dd9809bdf35cb3f1dfd6416d56a71fc56849fb9d8b70322f733bb35247d753703e4b7dff0d9de754575836
- SSDEEP
  
  768:pyV4MUVQ2t0noqaOwtPXoPCuCNr6DMysm2Are:pyV4MUVQ2t0XqPXolI6Dgm2Oe
Score

1^/10
behavioral11 behavioral12
- Target
  
  "AKL.exe"
- Size
  
  218KB
- MD5
  
  780bdf7f767d8a85f1844721cd0077fa
- SHA1
  
  1ad480226e8532edda9909030cadac61c9a22ba1
- SHA256
  
  39f0a4980627c596514e51a540d4e721c8f1bf3d0c9e69abc8b3f11f7c4b9314
- SHA512
  
  6d68ac87d611ca8dc3869438346681782df17f70128200edc35a82defc966da2597aaf4416bbd4a7f7b34b5ca424491bf4c4b7148aea02502242519b0c8e0577
- SSDEEP
  
  3072:P+efErpiiTTYBA63HxDzIzb6xl7KhnftzEdJZktpFAwl+DLNeIb:PBfKTEb39czbQtKCyrCTMI
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  9aff00ec14e6cb71a13451011c580077
- SHA1
  
  5972140e4a0addb9eac685fe6037da7479f23ecf
- SHA256
  
  cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3
- SHA512
  
  311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110
- SSDEEP
  
  192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  AKV.exe
- Size
  
  162KB
- MD5
  
  b0e2e8c4f1623f666de785e7cb4c7e94
- SHA1
  
  9e7f4a47c952193645c38b815784d8431c7d6c24
- SHA256
  
  001837fcafccec8059942897e93643b4bd710ed27e286dbf95dbf6e0d7744711
- SHA512
  
  950e0c849f750ce2dc654f358fb2b5220995f97abfd200d09d5ccbdf3c20885f6d2974a2243d840ba8a733a91fffd36740c4bbf435cc0a06f5283e848ffa97ee
- SSDEEP
  
  3072:XZ0HmNq4QnRkIzvL24KCfstd3Y1Q1KMtosx5bpznN1l:umNqxnRkIzv6TIstJH1FDbpzN
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Uninstall.exe
- Size
  
  44KB
- MD5
  
  c30a8655799cdcf83ff2ac51af7da1f7
- SHA1
  
  f1a817a066e8f6e1c5472d484c9a38e54a1c348e
- SHA256
  
  d0bdf661871582c8086e5c753ba4d4d725371e3a5612a377cb41f2d144189594
- SHA512
  
  b13a422c7eff9b7bd4b391b854735317143ba321cb40a155df05dc2240f9653eeca67dd230117f606baad0832066073926030d4168f6f4d658ab347fde0aa33d
- SSDEEP
  
  768:9VSO0QdGLkD8HYayXJMIBImhiPbvu9/vHtLE8JGlzIvGmUgmoAql3/3:90mrcYRiiVhOuc8JmIhmoAqlv3
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  qs.html
- Size
  
  1KB
- MD5
  
  1f8a533b1761fd59231b763303647650
- SHA1
  
  8f4f75b6b7228257b501c6b3f990d27c55ee1b7f
- SHA256
  
  1a962c7395d596113445b2b7fa0efd5bde4b64a413aa528daed9b7327aa2ae07
- SHA512
  
  f04535920dba1a820b1253c61b347bde4d14307258b1ecf866b9f481045cef074307500bdb1c4bb5bfe4f9a22811ba79df42f38141df15d3ae332b445095ad1a
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Adds Run key to start application

Checks installed software on the system

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22