ardamax

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_bca126cc681c07440b291fe71f5ab863
Size

209KB
Sample

250418-fb83wsszby
MD5

bca126cc681c07440b291fe71f5ab863
SHA1

f3caf966a3290b4ca7952a8a6dc023ef417ff897
SHA256

9afadba0006723439d704c1bf3af6cb9e3b3e0d4796dd2fe89d8fbcc7d25c7af
SHA512

5192b23d110f68197747f420e3fe32c37fb853f177820ca6d40b33f2aaf989eb847ecff1a6ef5d799499807d286f3611cf653fad46c1062364351b44f0b04ca6
SSDEEP

6144:dQJQEgZAppJtRWH7YumzfX4k6/Bpfs/scDI8T:duppBDumzfX85Rs/sDo

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_bca126cc681c07440b291fe71f5ab863
- Size
  
  209KB
- MD5
  
  bca126cc681c07440b291fe71f5ab863
- SHA1
  
  f3caf966a3290b4ca7952a8a6dc023ef417ff897
- SHA256
  
  9afadba0006723439d704c1bf3af6cb9e3b3e0d4796dd2fe89d8fbcc7d25c7af
- SHA512
  
  5192b23d110f68197747f420e3fe32c37fb853f177820ca6d40b33f2aaf989eb847ecff1a6ef5d799499807d286f3611cf653fad46c1062364351b44f0b04ca6
- SSDEEP
  
  6144:dQJQEgZAppJtRWH7YumzfX4k6/Bpfs/scDI8T:duppBDumzfX85Rs/sDo
Score

10^/10

ardamax discovery keylogger persistence stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  4c7d97d0786ff08b20d0e8315b5fc3cb
- SHA1
  
  bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c
- SHA256
  
  75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84
- SHA512
  
  f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a
- SSDEEP
  
  192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  AKL.chm
- Size
  
  14KB
- MD5
  
  747813f91f86f0f977f4c1a11ff4b2b9
- SHA1
  
  0ebba470a47b9738e912d71441544864afdb6e26
- SHA256
  
  5d3cadb6195b7ef256b3b2a24ce6b2bb179bdd3d8a9e230b59bcdb1a150c932e
- SHA512
  
  a7b8864efcfa9312ee8c3bc3d009bd79b940e4832ab79ab99be349f9b442c181e9c4986d6092f83a0187c6467b617bd4789401a7819f2097f1859836c098ecaa
- SSDEEP
  
  192:d78h0hmMV/+lge/DkKLVFKfC0zfkihPlsf92w44s:dg0gMVfeLkQTkzfk4Plsf92w4
Score

1^/10
behavioral5 behavioral6
- Target
  
  AKL.exe
- Size
  
  228KB
- MD5
  
  4f0592beb14e55d9295afbc005faef07
- SHA1
  
  dd0533f0d0d8eae441cba614a40d896fb7398930
- SHA256
  
  239e59fc07c7cd95f8f95f9356d916aedf75b844f08d8e500a5143275c50e49d
- SHA512
  
  9235efb1072e887ef92761a6d8c579d004583f00ad2743343f2fccace95bc3a75b16fb3220274ab372d7185f8203c5ae7a15f8a070ed86ee8d6804d4b3c261eb
- SSDEEP
  
  3072:OlZpskT76ON9Ou8ugkiUzp9fKGbIgvgWwHuZcMxJpmJ5Tup6bTEnl1yYKRIdB+2r:IpPCxki0zPNcMxbETv/mlYZRcYvZAC
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8
- Target
  
  AKV.exe
- Size
  
  132KB
- MD5
  
  592c3138b8513a70f1be2661223f07c2
- SHA1
  
  7b870cc7fd22e18b5ae08e073c4120ffb6e06c98
- SHA256
  
  b5e08ecdb9c1ba0091f25f61b5a78295310df79312ac112afbed5d74c2813a6d
- SHA512
  
  1b39ecb702a8f981bfac8f7ef8abd35b8960b7a9943241f8f9b0d467b4fae0a0673315ba4e1245837b96959091c183140b567050de561457c8b106092d746eb0
- SSDEEP
  
  3072:urG7EIjKjyjCBOUfBIU7gUKceFzPhbwsrK0jHUDjlvhQTQU3f1:SG77jKjyjCBOUpIUkFceFzJUDj1OT/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Uninstall.exe
- Size
  
  43KB
- MD5
  
  8cd0f4d927e641cf5fdccebfa663b91c
- SHA1
  
  f19fa54852d1f85a31c5f795ea1cd70846a25c63
- SHA256
  
  62a47fcf580bc9419df7ac8e7a3d58008f2e6c914e9051db351d4d852e547877
- SHA512
  
  a1a8e38259ffbf9151adac5b23aab151bbcd726cc2e5a12222c4f2bb97ddb1770409d2170ff835b1b7f627858497c4408abcd68ae34a973d9da25149f04bd727
- SSDEEP
  
  768:Dh03BWfzcJpdd4jU3eRo8rwV0GfL7rtU7UMt3MBJ7lNT2ANlAArHM:Dh03grsyj5Rk0gtUABJ3Tp3FHM
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
behavioral11 behavioral12
- Target
  
  il.dll
- Size
  
  6KB
- MD5
  
  00fb53e770ee66150b83c605f5b559ec
- SHA1
  
  a1a0bb6a9ee2ddbfaae9ac1b470961d6fb47e8e5
- SHA256
  
  1686ec9eddb4549cb12f5b115ab1d55d57b4b0d53c4995284f8f747a633acceb
- SHA512
  
  c0e9ca2aebd5ec3bcef4208f4f92f1c25d94502af1b56d970ebfccb703fcb29deff789b8c12e6f3ce09e37756baa14b82116ea0315f2f35e0a349151d0c54e26
- SSDEEP
  
  96:U29JuAtmDs5VboiM1LgDLkAYhdvvJ969J0Hsb6HPnf:UhAtmYnkiMKDLkd/az6IsPf
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  kh.dll
- Size
  
  4KB
- MD5
  
  c0aec89e4dc32fb0455b5ba72ab60bcf
- SHA1
  
  810895f5aec20559c76e1139d91f964235234539
- SHA256
  
  ebac4c23d288b3714702b907be613c94a8611fcac6cec78c2b1bfc9833c3c051
- SHA512
  
  cfd86c5561dbb695bdd934c39b298d12269a6571799dd8b2c1eb3ce8904c5c4afc0958a505882d2b38c7d973703042585fa8eb9ff928f143335d3f808aece4ab
- SSDEEP
  
  48:CjknnZJH2mxnV2Vh2X7uVlAKfo+OAO05+AAY3tZJ4nix:OknDrv23e6AKfhO7k+AAmZJ4n
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  qs.html
- Size
  
  1KB
- MD5
  
  da9de559f7a4f35fe72c9b6d115e017c
- SHA1
  
  34a2fd2290a6bdaaf08495f9c89ca66489828510
- SHA256
  
  c40c04a36754e564213ba5f0fc09379806de17d45dca95038876ecc144695a5e
- SHA512
  
  91259ac8fca0c115b5193892d097098ca74684dc29943ee38cbe4ac79e3a917a524b8fe54723080ef21938f3730b812b33645b6da385a5b1ad9a74a0117a5ba0
Score

7^/10

discovery
- Loads dropped DLL
behavioral17 behavioral18

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Adds Run key to start application

Checks installed software on the system

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18