ardamax | a4e6526a357906ea3b7927e14a0666a617524a57802186df171036e2402a534d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...61.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_b6592e85618cb4980154afc48a772861
Size

340KB
Sample

250414-csbl6syxds
MD5

b6592e85618cb4980154afc48a772861
SHA1

2bd2465946bdd5bcd915b74f7c40b0e546eafcbf
SHA256

a4e6526a357906ea3b7927e14a0666a617524a57802186df171036e2402a534d
SHA512

83f892324315d4d2930200daac5ad6d42df0824e64bb71b09a9a6693ef3fd518883b5b715ac0d76dae8542abef6fb10ddab24deed27229a9d855250d0ec9d17d
SSDEEP

6144:UWEinW9CCIeFeiMtS2TO5XWCMax5vDiKBdbwyc2Gip7Sqi5lsXDxXH2PJFD:UWQ9CC/XeTDCBxN+KzLc2Dp7Sl6XFH2T

Score

10^/10

ardamax discovery keylogger persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b6592e85618cb4980154afc48a772861.exe

Resource

win10v2004-20250314-en

ardamax discovery keylogger persistence stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_b6592e85618cb4980154afc48a772861
- Size
  
  340KB
- MD5
  
  b6592e85618cb4980154afc48a772861
- SHA1
  
  2bd2465946bdd5bcd915b74f7c40b0e546eafcbf
- SHA256
  
  a4e6526a357906ea3b7927e14a0666a617524a57802186df171036e2402a534d
- SHA512
  
  83f892324315d4d2930200daac5ad6d42df0824e64bb71b09a9a6693ef3fd518883b5b715ac0d76dae8542abef6fb10ddab24deed27229a9d855250d0ec9d17d
- SSDEEP
  
  6144:UWEinW9CCIeFeiMtS2TO5XWCMax5vDiKBdbwyc2Gip7Sqi5lsXDxXH2PJFD:UWQ9CC/XeTDCBxN+KzLc2Dp7Sl6XFH2T
Score

10^/10

ardamax discovery keylogger persistence stealer upx
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ardamaxdiscoverykeyloggerpersistencestealerupx

© 2018-2025

Terms | Privacy