General

  • Target

    ab2098fa7f377c56f2db78b767e563e7_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240819-p9p74svgle

  • MD5

    ab2098fa7f377c56f2db78b767e563e7

  • SHA1

    5891e326f5a46780f18a1ea741986ead85019fee

  • SHA256

    cae67ca7d7c72ece8aabda614c41ec65d438d1493c4be5af59ed9809f24bcbf4

  • SHA512

    f1b5da46fb678044f03e40cceab63297294aa8d02d9f4262b7c240cc247088f7098b3442a1f30c436b75053ed3f8bdda5b28da89a4c8d9783bddf0df883dad0f

  • SSDEEP

    24576:tH0KuT4FNolMKUvPavTiHVgHSHDnfMBPI18O4UOckJsz/9lkxi0:tH0RTvgiL3W0BMPh/

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks