ardamax | 75fdb088fd636631d4a41ae1f37ee2c9858aea5e4766df6b63a0a0f32a9ca98e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...82.exe

windows7-x64

JaffaCakes...82.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_d51806f794076babdccebcddc8098c82
Size

473KB
Sample

250209-3z845axjft
MD5

d51806f794076babdccebcddc8098c82
SHA1

d8b02dc2f2e13059a807424dfa4b06a2243b421e
SHA256

75fdb088fd636631d4a41ae1f37ee2c9858aea5e4766df6b63a0a0f32a9ca98e
SHA512

2b437f150e84e33bc7993e22cb15d08e521c7d85b179c1a8c620f134dc2ea86b4e849aa888ee58f2314d7dedb01914a3f41eae3215dbe93c305be35400cbacf3
SSDEEP

12288:d7gvlYdPh3mFESd3BRPe7hj5d7f3X3f5jn9AQqge:cSdZ2FPfcNjLb3X3fVpe

Score

10^/10

ardamax discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_d51806f794076babdccebcddc8098c82.exe

Resource

win7-20240903-en

ardamax discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_d51806f794076babdccebcddc8098c82.exe

Resource

win10v2004-20250207-en

ardamax discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_d51806f794076babdccebcddc8098c82
- Size
  
  473KB
- MD5
  
  d51806f794076babdccebcddc8098c82
- SHA1
  
  d8b02dc2f2e13059a807424dfa4b06a2243b421e
- SHA256
  
  75fdb088fd636631d4a41ae1f37ee2c9858aea5e4766df6b63a0a0f32a9ca98e
- SHA512
  
  2b437f150e84e33bc7993e22cb15d08e521c7d85b179c1a8c620f134dc2ea86b4e849aa888ee58f2314d7dedb01914a3f41eae3215dbe93c305be35400cbacf3
- SSDEEP
  
  12288:d7gvlYdPh3mFESd3BRPe7hj5d7f3X3f5jn9AQqge:cSdZ2FPfcNjLb3X3fVpe
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy