ardamax | 1460d4d3986222bfeb119a81d78f78d37c6679757bb6228949e00a209f28c944 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...d4.exe

windows7-x64

JaffaCakes...d4.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_88c10601439647639b5a3b95cd667cd4
Size

1.4MB
Sample

250325-24gp1atyd1
MD5

88c10601439647639b5a3b95cd667cd4
SHA1

7f3f1cb3fb757b96514197960f29de68014405e9
SHA256

1460d4d3986222bfeb119a81d78f78d37c6679757bb6228949e00a209f28c944
SHA512

93af042494c1daa14d92a9a88496d7e764550f0e04a26508302d1a000b057c19c797f1c6b1df8d85bae50a5aa82db157bec801d2cb8bf1cdaa8c3cd5354a9aa4
SSDEEP

24576:PDkZH8oEFpjTj7bJHImQMOxSam/PhPi0jv7I/v03WgOym39jZGygLWJiPNiLhvJ:PDWG3Pjnlzam/PhJfqc3WN39I8wPN6R

Score

10^/10

ardamax discovery keylogger persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_88c10601439647639b5a3b95cd667cd4.exe

Resource

win7-20240903-en

ardamax discovery keylogger persistence stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_88c10601439647639b5a3b95cd667cd4.exe

Resource

win10v2004-20250314-en

ardamax discovery keylogger persistence stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_88c10601439647639b5a3b95cd667cd4
- Size
  
  1.4MB
- MD5
  
  88c10601439647639b5a3b95cd667cd4
- SHA1
  
  7f3f1cb3fb757b96514197960f29de68014405e9
- SHA256
  
  1460d4d3986222bfeb119a81d78f78d37c6679757bb6228949e00a209f28c944
- SHA512
  
  93af042494c1daa14d92a9a88496d7e764550f0e04a26508302d1a000b057c19c797f1c6b1df8d85bae50a5aa82db157bec801d2cb8bf1cdaa8c3cd5354a9aa4
- SSDEEP
  
  24576:PDkZH8oEFpjTj7bJHImQMOxSam/PhPi0jv7I/v03WgOym39jZGygLWJiPNiLhvJ:PDWG3Pjnlzam/PhJfqc3WN39I8wPN6R
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealer

behavioral2

ardamaxdiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy