
General

  • Target

    ffafcc19947324fe75776890aeab4d74_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240930-bxq2zs1cjm

  • MD5

    ffafcc19947324fe75776890aeab4d74

  • SHA1

    d7bf7f6113960b5caa5fd2f5739f40d172336a11

  • SHA256

    2530201811f6fda09024da1482c2a0057d5eb24e0566c0af6a40278e222f695f

  • SHA512

    92cf5499122b6b6e65bcf2a1a094799d8276e634b83417441e62da5ef8b9fc8c617ce2293840cedb8959216afccbd004d6b94186692e4412d72364d29360fcff

  • SSDEEP

    24576:HZxTibQgscuT7Co3AqhmaO2dWLOTP6pr0Oj9cqwX8n/wJ7cqN:HXTibjfuT7CiQubSpr0C9T/wmq

Malware Config

Targets

    • Target

      ffafcc19947324fe75776890aeab4d74_JaffaCakes118

    • Size

      1.1MB

    • MD5

      ffafcc19947324fe75776890aeab4d74

    • SHA1

      d7bf7f6113960b5caa5fd2f5739f40d172336a11

    • SHA256

      2530201811f6fda09024da1482c2a0057d5eb24e0566c0af6a40278e222f695f

    • SHA512

      92cf5499122b6b6e65bcf2a1a094799d8276e634b83417441e62da5ef8b9fc8c617ce2293840cedb8959216afccbd004d6b94186692e4412d72364d29360fcff

    • SSDEEP

      24576:HZxTibQgscuT7Co3AqhmaO2dWLOTP6pr0Oj9cqwX8n/wJ7cqN:HXTibjfuT7CiQubSpr0C9T/wmq

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry; likely a geofence check so the sample only runs (or refuses to run) in selected regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system (commonly used to fingerprint the host or spot analysis tools).

    • Drops file in System32 directory
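The behaviours flagged above (Run-key persistence, the country-code lookup, Uninstall-key enumeration and a write into System32) can be reduced to a handful of path rules over registry and file events. The script below is an added example, not tria.ge's signature code and not part of this report: it runs those rules over a constructed event stream in a hypothetical `op<TAB>process<TAB>path` format. The Run and Uninstall key locations are standard Windows paths; reading the country code from `HKCU\Control Panel\International\Geo` is this example's assumption about what the location-settings signature observes, and the process name, dropped-file name and event lines are all made up.

```python
import re

# Signature table: (report signature, event operations it applies to, path pattern).
# Run/RunOnce and Uninstall are standard Windows locations. Treating
# HKCU\Control Panel\International\Geo as the "country code" location is an
# assumption of this example, not something the report states.
SIGNATURES = [
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    ("Checks installed software on the system", {"RegEnumKey", "RegQueryValue"},
     re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Drops file in System32 directory", {"FileWrite"},
     re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
]

# Constructed sample events (hypothetical format and values; not from the sandbox run).
SAMPLE_EVENTS = "\n".join([
    "\t".join(("RegSetValue", "sample.exe",
               r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater")),
    "\t".join(("RegQueryValue", "sample.exe",
               r"HKCU\Control Panel\International\Geo\Nation")),
    "\t".join(("RegEnumKey", "sample.exe",
               r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall")),
    "\t".join(("FileWrite", "sample.exe", r"C:\Windows\System32\drop.dll")),
    "\t".join(("FileWrite", "notepad.exe", r"C:\Users\Admin\Desktop\notes.txt")),
    "truncated line with no fields",  # exercises the garbled-line path
])


def parse_event(line):
    """Split one 'op<TAB>process<TAB>path' line; None for blank or malformed lines."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 3 or not all(parts):
        return None
    return tuple(parts)


def match_event(op, path):
    """Names of every signature whose operation set and path pattern both match."""
    return [name for name, ops, pat in SIGNATURES if op in ops and pat.search(path)]


def scan(text):
    """Map signature name -> list of (process, path) events that triggered it."""
    hits = {}
    for line in text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # skip malformed lines rather than aborting the whole scan
        op, proc, path = event
        for name in match_event(op, path):
            hits.setdefault(name, []).append((proc, path))
    return hits


if __name__ == "__main__":
    for name, events in scan(SAMPLE_EVENTS).items():
        print(name)
        for proc, path in events:
            print(f"    {proc}: {path}")
```

Benign writes (the Desktop file) and malformed lines fall through without a hit, so the rule set only reports the four behaviours the report lists; extending it is a matter of adding a tuple to `SIGNATURES`.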

MITRE ATT&CK Enterprise v15
