ardamax

General

Target

JaffaCakes118_bd45e7330e0ff6fadb518f786fbf6076
Size

416KB
Sample

250418-j6epbax1ew
MD5

bd45e7330e0ff6fadb518f786fbf6076
SHA1

82aca487a5f9ffd6c6768cb1a733ab833b0e9e93
SHA256

9e0c1e9c25a8ee245015f759025ecc907f118778ccc7930799ac013c3534bd14
SHA512

8b7ea40f21917dec258a7734030fd11ba8ca305edcca8981dbebc388f24ba1407ba88b5d2ef80f234ccc6c053ea0269d5049de1cc8221e51b500c80ef285314d
SSDEEP

6144:UmpyGM7DBuH51YhODYkp2XM6A+TkfxOMDlsc4ByJMk75uoIscpM:UOPh2Xo+gfxfDlTVIsL

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_bd45e7330e0ff6fadb518f786fbf6076
- Size
  
  416KB
- MD5
  
  bd45e7330e0ff6fadb518f786fbf6076
- SHA1
  
  82aca487a5f9ffd6c6768cb1a733ab833b0e9e93
- SHA256
  
  9e0c1e9c25a8ee245015f759025ecc907f118778ccc7930799ac013c3534bd14
- SHA512
  
  8b7ea40f21917dec258a7734030fd11ba8ca305edcca8981dbebc388f24ba1407ba88b5d2ef80f234ccc6c053ea0269d5049de1cc8221e51b500c80ef285314d
- SSDEEP
  
  6144:UmpyGM7DBuH51YhODYkp2XM6A+TkfxOMDlsc4ByJMk75uoIscpM:UOPh2Xo+gfxfDlTVIsL
Score

10^/10

ardamax discovery keylogger stealer
- Ardamax
  A keylogger first seen in 2013.
  keylogger stealer ardamax
- Ardamax family
  ardamax
- Ardamax main executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Ardamax family

Ardamax main executable

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2