ardamax | bcc583721f5034f8f04624167a63fdc0aefc4d9ad80e1f960d2c544ac29ebf8a | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...9f.exe

windows7-x64

JaffaCakes...9f.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_d3e58c76f566bf84668b2c2007bf529f
Size

183KB
Sample

250209-1etgtstpew
MD5

d3e58c76f566bf84668b2c2007bf529f
SHA1

2db36af360f44f6a68d869fbbc8a1d1c3fea788f
SHA256

bcc583721f5034f8f04624167a63fdc0aefc4d9ad80e1f960d2c544ac29ebf8a
SHA512

d6ea553d9bb8871e374c2d07f42c4209ec01b68606fe15532d703d1380f9eb4b8aa0c8ff62b91b8a1c85dd5b98ed2cb3adb8f16e9a016e2e05d3e356d4617e33
SSDEEP

3072:8CNmpyGHjyHDcofcfLbJAq2aWCGut6qOJT78qyHns0QwBsUU9gYa1IS4huryDBJ3:NmpyGH6cofMJAq2aIH/TyytUka1nGfjD

Score

10^/10

ardamax discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_d3e58c76f566bf84668b2c2007bf529f.exe

Resource

win7-20240903-en

ardamax discovery keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_d3e58c76f566bf84668b2c2007bf529f.exe

Resource

win10v2004-20250207-en

ardamax discovery keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_d3e58c76f566bf84668b2c2007bf529f
- Size
  
  183KB
- MD5
  
  d3e58c76f566bf84668b2c2007bf529f
- SHA1
  
  2db36af360f44f6a68d869fbbc8a1d1c3fea788f
- SHA256
  
  bcc583721f5034f8f04624167a63fdc0aefc4d9ad80e1f960d2c544ac29ebf8a
- SHA512
  
  d6ea553d9bb8871e374c2d07f42c4209ec01b68606fe15532d703d1380f9eb4b8aa0c8ff62b91b8a1c85dd5b98ed2cb3adb8f16e9a016e2e05d3e356d4617e33
- SSDEEP
  
  3072:8CNmpyGHjyHDcofcfLbJAq2aWCGut6qOJT78qyHns0QwBsUU9gYa1IS4huryDBJ3:NmpyGH6cofMJAq2aIH/TyytUka1nGfjD
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy