ardamax | 568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d | Triage

Submit
Reports

Overview

overview

Static

static

3

568485f7e7...5d.exe

windows7-x64

568485f7e7...5d.exe

windows10-2004-x64

Sharing

General

Target

568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d.exe
Size

784KB
Sample

250216-q9f5wazlfy
MD5

f13b04d9d3eaf4676756391fc66e1bec
SHA1

228930215d16a5bac0f50736e3390bc5281e1b05
SHA256

568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d
SHA512

fe86a00183e349cb09d6db099b3fd74b9f55b8cb432a134768381d3ef64ab560d8e62ab7edfd4810538b0a11fa97d67d44dbae0b5c476cc332ff0d108a0514f7
SSDEEP

24576:gjXTDPLr03f3uHTIds824NgPIJlyOAuGaQLTvfa28n/:gDTbX0P3teKgPMwuGay7An/

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d.exe

Resource

win7-20250207-en

ardamax discovery keylogger persistence stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d.exe

Resource

win10v2004-20250211-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d.exe
- Size
  
  784KB
- MD5
  
  f13b04d9d3eaf4676756391fc66e1bec
- SHA1
  
  228930215d16a5bac0f50736e3390bc5281e1b05
- SHA256
  
  568485f7e766e9c0a61b734d15d385395da4d089606e6566db51a51c3df4d55d
- SHA512
  
  fe86a00183e349cb09d6db099b3fd74b9f55b8cb432a134768381d3ef64ab560d8e62ab7edfd4810538b0a11fa97d67d44dbae0b5c476cc332ff0d108a0514f7
- SSDEEP
  
  24576:gjXTDPLr03f3uHTIds824NgPIJlyOAuGaQLTvfa28n/:gDTbX0P3teKgPMwuGay7An/
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy