Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
82eeb5be5b8c1d9de04f62a21c8aa356_JaffaCakes118
-
Size
567KB
-
Sample
241031-n5b91syram
-
MD5
82eeb5be5b8c1d9de04f62a21c8aa356
-
SHA1
ae3eb6f97b1135a65d8b14e0002a2e42ee7ca302
-
SHA256
d41db4889120ca4d98469ca580936ddfd6d620fd2477b9c0dd554f545b949a19
-
SHA512
ad27d627aa3f040d253e5abef46a043c471cc7ff2af318f378f27a4e23bed03acdcc5f3166026ad870b4c9b793bb7612f1ba46e0015160b0fe01982db20feec9
-
SSDEEP
12288:pRXeXD3uWA2qCi5IQdoHblrGjJWEG7xCwM0X7T71i6l4X9O4Ow:S0ZC/QyhrGjozvfleow
Malware Config
Targets
-
-
Target
82eeb5be5b8c1d9de04f62a21c8aa356_JaffaCakes118
-
Size
567KB
-
MD5
82eeb5be5b8c1d9de04f62a21c8aa356
-
SHA1
ae3eb6f97b1135a65d8b14e0002a2e42ee7ca302
-
SHA256
d41db4889120ca4d98469ca580936ddfd6d620fd2477b9c0dd554f545b949a19
-
SHA512
ad27d627aa3f040d253e5abef46a043c471cc7ff2af318f378f27a4e23bed03acdcc5f3166026ad870b4c9b793bb7612f1ba46e0015160b0fe01982db20feec9
-
SSDEEP
12288:pRXeXD3uWA2qCi5IQdoHblrGjJWEG7xCwM0X7T71i6l4X9O4Ow:S0ZC/QyhrGjozvfleow
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-