General

  • Target

    b299416982606c58d1d3c626f6fcea8b_JaffaCakes118

  • Size

    516KB

  • Sample

    240821-jb5x1swerg

  • MD5

    b299416982606c58d1d3c626f6fcea8b

  • SHA1

    4ffa11525985e47e856cdf2bc577e0ab950bec55

  • SHA256

    807679c83a6855255ded11dde54baa1fd98c8706a190b21c908612f961871460

  • SHA512

    4c0e4ee6e7c5250d99752d835e06936575cb3e855a52d4e9d3e2c28df268bbf7876f773a7eb9e9a069df3d97540a3d4d11339c5e5fe8bb7d694e593dff3d08cd

  • SSDEEP

    12288:JIARO/YW4SI9DP+agaSvCfzKTzTEFbtRUWVnk9XO:bIj4P+Q4/rEZk9e

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks