ardamax | e5428a80bdf896e482d0bf49f58b79c7b4a5d62c011dd7e86ba80c07df6dea32 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...01.exe

windows7-x64

JaffaCakes...01.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8196260df13d0836acf9f156bdbbd301
Size

459KB
Sample

250202-2lvh5s1jg1
MD5

8196260df13d0836acf9f156bdbbd301
SHA1

6cb3531f12477e491bfc143a572c63d360dae555
SHA256

e5428a80bdf896e482d0bf49f58b79c7b4a5d62c011dd7e86ba80c07df6dea32
SHA512

4fb6fbb63e187a8986eee92adb60c8bf842f770acd3af3557111113a564e72f9bab7ac13ad4a2316715e7960ac17e9254fe3c4f1801079c4f280c35de1b39535
SSDEEP

12288:X9TU4wk/uFP25o7D/qEyDXhtKV6igjSvL0wG:hU4wQuFP1/bojSvS

Score

10^/10

ardamax defense_evasion discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8196260df13d0836acf9f156bdbbd301.exe

Resource

win7-20241010-en

ardamax defense_evasion discovery keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8196260df13d0836acf9f156bdbbd301.exe

Resource

win10v2004-20241007-en

ardamax defense_evasion discovery keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_8196260df13d0836acf9f156bdbbd301
- Size
  
  459KB
- MD5
  
  8196260df13d0836acf9f156bdbbd301
- SHA1
  
  6cb3531f12477e491bfc143a572c63d360dae555
- SHA256
  
  e5428a80bdf896e482d0bf49f58b79c7b4a5d62c011dd7e86ba80c07df6dea32
- SHA512
  
  4fb6fbb63e187a8986eee92adb60c8bf842f770acd3af3557111113a564e72f9bab7ac13ad4a2316715e7960ac17e9254fe3c4f1801079c4f280c35de1b39535
- SSDEEP
  
  12288:X9TU4wk/uFP25o7D/qEyDXhtKV6igjSvL0wG:hU4wQuFP1/bojSvS
Score

10^/10

ardamax defense_evasion discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdefense_evasiondiscoverykeyloggerstealer

behavioral2

ardamaxdefense_evasiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy