ardamax | af767d080a74637105d7c56a724c665f6a15c3d29fa9f4792ba6a8681c4e3398 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...eb.exe

windows7-x64

JaffaCakes...eb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_d53e78fe3cddbaaad3ecf367ef3b43eb
Size

175KB
Sample

250210-allgpawqem
MD5

d53e78fe3cddbaaad3ecf367ef3b43eb
SHA1

905021038017709e4284f31f3800038cbd7e0f24
SHA256

af767d080a74637105d7c56a724c665f6a15c3d29fa9f4792ba6a8681c4e3398
SHA512

ddc2381a9a1f54a829705150603c15fc3377bc7aa41e71b3973186afe923416ed9dad296e0538776b016054d3a8a35e1c90c4df87aa7cb9ad0a5aee47e8812c8
SSDEEP

3072:OO6QmEGX0JFD4nQsh1r+EVFGYt6GXiv1ystW2ei+jw2NbCnt6kRWwg9tdRRvjjSS:RGXS4nQM+EjGIXZstyi0VCnbReJRJSBc

Score

10^/10

ardamax discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_d53e78fe3cddbaaad3ecf367ef3b43eb.exe

Resource

win7-20240903-en

ardamax discovery keylogger stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_d53e78fe3cddbaaad3ecf367ef3b43eb.exe

Resource

win10v2004-20250207-en

ardamax discovery keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_d53e78fe3cddbaaad3ecf367ef3b43eb
- Size
  
  175KB
- MD5
  
  d53e78fe3cddbaaad3ecf367ef3b43eb
- SHA1
  
  905021038017709e4284f31f3800038cbd7e0f24
- SHA256
  
  af767d080a74637105d7c56a724c665f6a15c3d29fa9f4792ba6a8681c4e3398
- SHA512
  
  ddc2381a9a1f54a829705150603c15fc3377bc7aa41e71b3973186afe923416ed9dad296e0538776b016054d3a8a35e1c90c4df87aa7cb9ad0a5aee47e8812c8
- SSDEEP
  
  3072:OO6QmEGX0JFD4nQsh1r+EVFGYt6GXiv1ystW2ei+jw2NbCnt6kRWwg9tdRRvjjSS:RGXS4nQM+EjGIXZstyi0VCnbReJRJSBc
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

behavioral2

ardamaxdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy