ardamax | ffa84e48ffc63f0d145d98f72540c9a4c32f8630968738a83a0eb31582e36396 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...41.exe

windows7-x64

JaffaCakes...41.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_0a62b3ed312cf2109eddc798f9c00f41
Size

501KB
Sample

250220-h2fkdayray
MD5

0a62b3ed312cf2109eddc798f9c00f41
SHA1

ded1ebb465f70b40f06bdbed3e023ead6d9e276c
SHA256

ffa84e48ffc63f0d145d98f72540c9a4c32f8630968738a83a0eb31582e36396
SHA512

04bbdd40d8637aab4c719214aa0754752614851d27add3a182b23289da00dabef4c6c31f36b14f70bf6c88633c129493ff2323994031f38b69b733c6e89c68cd
SSDEEP

12288:4TBRUTV5nB5gNrF5fVOZMttkrhg5LrOLsLJn37rs98R:HTV5nBSx9OZMttkrhIr8YJnPR

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_0a62b3ed312cf2109eddc798f9c00f41.exe

Resource

win7-20241010-en

ardamax discovery keylogger persistence stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_0a62b3ed312cf2109eddc798f9c00f41.exe

Resource

win10v2004-20250217-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_0a62b3ed312cf2109eddc798f9c00f41
- Size
  
  501KB
- MD5
  
  0a62b3ed312cf2109eddc798f9c00f41
- SHA1
  
  ded1ebb465f70b40f06bdbed3e023ead6d9e276c
- SHA256
  
  ffa84e48ffc63f0d145d98f72540c9a4c32f8630968738a83a0eb31582e36396
- SHA512
  
  04bbdd40d8637aab4c719214aa0754752614851d27add3a182b23289da00dabef4c6c31f36b14f70bf6c88633c129493ff2323994031f38b69b733c6e89c68cd
- SSDEEP
  
  12288:4TBRUTV5nB5gNrF5fVOZMttkrhg5LrOLsLJn37rs98R:HTV5nBSx9OZMttkrhIr8YJnPR
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy