Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ffafcc19947324fe75776890aeab4d74_JaffaCakes118
-
Size
1.1MB
-
Sample
240930-bxq2zs1cjm
-
MD5
ffafcc19947324fe75776890aeab4d74
-
SHA1
d7bf7f6113960b5caa5fd2f5739f40d172336a11
-
SHA256
2530201811f6fda09024da1482c2a0057d5eb24e0566c0af6a40278e222f695f
-
SHA512
92cf5499122b6b6e65bcf2a1a094799d8276e634b83417441e62da5ef8b9fc8c617ce2293840cedb8959216afccbd004d6b94186692e4412d72364d29360fcff
-
SSDEEP
24576:HZxTibQgscuT7Co3AqhmaO2dWLOTP6pr0Oj9cqwX8n/wJ7cqN:HXTibjfuT7CiQubSpr0C9T/wmq
Malware Config
Targets
-
-
Target
ffafcc19947324fe75776890aeab4d74_JaffaCakes118
-
Size
1.1MB
-
MD5
ffafcc19947324fe75776890aeab4d74
-
SHA1
d7bf7f6113960b5caa5fd2f5739f40d172336a11
-
SHA256
2530201811f6fda09024da1482c2a0057d5eb24e0566c0af6a40278e222f695f
-
SHA512
92cf5499122b6b6e65bcf2a1a094799d8276e634b83417441e62da5ef8b9fc8c617ce2293840cedb8959216afccbd004d6b94186692e4412d72364d29360fcff
-
SSDEEP
24576:HZxTibQgscuT7Co3AqhmaO2dWLOTP6pr0Oj9cqwX8n/wJ7cqN:HXTibjfuT7CiQubSpr0C9T/wmq
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-