ardamax | 2a641704410f01f48b7a1f74b7315961cb1368b8b3714a98080d11c94fb43d1f | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...b3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_b1c32dbc5e1d21a62d08fd75f405f0b3
Size

349KB
Sample

250412-k2zdla1qy2
MD5

b1c32dbc5e1d21a62d08fd75f405f0b3
SHA1

7ae5bac054fc16da5f1ccef10e1ee7c98d1cd384
SHA256

2a641704410f01f48b7a1f74b7315961cb1368b8b3714a98080d11c94fb43d1f
SHA512

bd6032067a00a709bd4d3873a4eb548abdef79f7382f8d18412d7512be54eb3a68752fa98b49f7bc5bf8e96e0f287e86d340a40f829d9659a2e133abf0d69abd
SSDEEP

6144:jmpyGqtkC4GeLRRCljjMTBa4cw2p9/t4CkF3ah7Lj4eYV6rBzTOr44QPQ99L+nML:jLthUD0jdMEBtJkF3yZYV6tI4b49onML

Score

10^/10

ardamax discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b1c32dbc5e1d21a62d08fd75f405f0b3.exe

Resource

win10v2004-20250314-en

ardamax discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_b1c32dbc5e1d21a62d08fd75f405f0b3
- Size
  
  349KB
- MD5
  
  b1c32dbc5e1d21a62d08fd75f405f0b3
- SHA1
  
  7ae5bac054fc16da5f1ccef10e1ee7c98d1cd384
- SHA256
  
  2a641704410f01f48b7a1f74b7315961cb1368b8b3714a98080d11c94fb43d1f
- SHA512
  
  bd6032067a00a709bd4d3873a4eb548abdef79f7382f8d18412d7512be54eb3a68752fa98b49f7bc5bf8e96e0f287e86d340a40f829d9659a2e133abf0d69abd
- SSDEEP
  
  6144:jmpyGqtkC4GeLRRCljjMTBa4cw2p9/t4CkF3ah7Lj4eYV6rBzTOr44QPQ99L+nML:jLthUD0jdMEBtJkF3yZYV6tI4b49onML
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy