Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a7573982752fb60bed50612199265151_JaffaCakes118
-
Size
2.2MB
-
Sample
240818-tq5kxavgjj
-
MD5
a7573982752fb60bed50612199265151
-
SHA1
29854fcb2fd493ffcab8dffa7c87d4e2043975fd
-
SHA256
82d69b888965d9bb70cbf74e4339013a2585c3727a5af911609be4f3338b4133
-
SHA512
cb2252698c3bd9d6a5b69cb0aa66cd01ca88a8479e464eb8ac376560369da32ce5946b033c12049487eb31b66601d6ed37500fe7d139564ba089c7abc26a8c81
-
SSDEEP
49152:toTDgngJuqGwlgtunms7xaGcOazIAJdVpR642es4dht2Ycm+7Fpjzw:2gQ3lgtK94GcOaMWdvR64Gyz2Y/mFq
Malware Config
Targets
-
-
Target
a7573982752fb60bed50612199265151_JaffaCakes118
-
Size
2.2MB
-
MD5
a7573982752fb60bed50612199265151
-
SHA1
29854fcb2fd493ffcab8dffa7c87d4e2043975fd
-
SHA256
82d69b888965d9bb70cbf74e4339013a2585c3727a5af911609be4f3338b4133
-
SHA512
cb2252698c3bd9d6a5b69cb0aa66cd01ca88a8479e464eb8ac376560369da32ce5946b033c12049487eb31b66601d6ed37500fe7d139564ba089c7abc26a8c81
-
SSDEEP
49152:toTDgngJuqGwlgtunms7xaGcOazIAJdVpR642es4dht2Ycm+7Fpjzw:2gQ3lgtK94GcOaMWdvR64Gyz2Y/mFq
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-