General

  • Target

    JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef

  • Size

    255KB

  • Sample

    250131-2wmahsyqet

  • MD5

    6e9fdbd85c3f5e072b9cbe6a5fe316ef

  • SHA1

    231d7f60c403a39483731c76e1ad4f3e75dfde38

  • SHA256

    73f84fd9e2c75fa1296a1b2b1c2bbc70892acb2cfb33a3c372cf047d6e650d63

  • SHA512

    ad7164b14e12b822e9e784e1aaa7a0ea97e9076f321b735565f9a56cd882c6fc004c61b1297c20bd89b472718ca6ffc83577a2e79d3ce4467f4f26c2a22ff4e7

  • SSDEEP

    6144:DMrpk9YeqVCVyMRi8D6/MynywM29rAXIHDZOS0qPyKMo/S:D0EFYQyWtSfBZrLHVoQyKz/S

Targets

    • Target

      JaffaCakes118_6e9fdbd85c3f5e072b9cbe6a5fe316ef

    • Size

      255KB

    • MD5

      6e9fdbd85c3f5e072b9cbe6a5fe316ef

    • SHA1

      231d7f60c403a39483731c76e1ad4f3e75dfde38

    • SHA256

      73f84fd9e2c75fa1296a1b2b1c2bbc70892acb2cfb33a3c372cf047d6e650d63

    • SHA512

      ad7164b14e12b822e9e784e1aaa7a0ea97e9076f321b735565f9a56cd882c6fc004c61b1297c20bd89b472718ca6ffc83577a2e79d3ce4467f4f26c2a22ff4e7

    • SSDEEP

      6144:DMrpk9YeqVCVyMRi8D6/MynywM29rAXIHDZOS0qPyKMo/S:D0EFYQyWtSfBZrLHVoQyKz/S

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      "AKL.003"

    • Size

      4KB

    • MD5

      b2428dc1f1a06ca137052bd3e4565bdd

    • SHA1

      b16d0640f8a0af70d2ac43089b8df3afe3de8845

    • SHA256

      0b9c70d6c79a70d1a1958b9c5c4fb88e56b8fdfae0d345721370706f083f4fef

    • SHA512

      c2fcc8f90a2ec1abec1161c7235b004032cbe1bfe850e1d554a6371d3fd36c537d440cb413ac0517d7ed589fffcc97780a896174dcae5de160094edac0a276a6

    Score
    3/10
    • Target

      "AKL.004"

    • Size

      15KB

    • MD5

      93b6218ddcaaa1958f98aa3210279569

    • SHA1

      2e0c3e6c6d640a0ea22541d2b9e91dd93003a457

    • SHA256

      dbc326869fb06d38b519132130e7aff6bdd62339e426346521e241215b8a73c7

    • SHA512

      ef51289799d168f80973ad13c0b965153fe6db1412d6fe1bb801d5eefe339e63d1a6b58724fac4aaaf9c2f8f08198a5b2038febfbbb082d22fc5b6b829bbc589

    • SSDEEP

      192:FpLGzyTNyGquKwYYVzWixqicgfg8nXYvYqbB7DGSubWZFoynYkvaSbi:F1GzANSJwYYVzWijbf9nXGJ60FS2a

    Score
    3/10
    • Target

      "AKL.006"

    • Size

      4KB

    • MD5

      626b46c466bcc63f2888dbe1bf7c07ea

    • SHA1

      d6348cd2e7471c71940b22329057dabb6eb9b1aa

    • SHA256

      447973833fe70c0fdfbde12b03af25c8e238b976703b3a349ce24db7bff6dbb3

    • SHA512

      7ec431c583427b49e355299dbe7192c14fecb12b953e04e4844ced42b33618dd66d04b94dc811c21dae965801385d283572e6c164d6df89c392ee0bf045187f0

    • SSDEEP

      48:ai+n/3GlffmxnChbP4LzoJfO55+AAc+NRGcRijq:Qn/WlWshbezXL+AAcS4cR5

    Score
    3/10
    • Target

      "AKL.007"

    • Size

      6KB

    • MD5

      a7868b0f2d9c382d80019bcc2014b9c6

    • SHA1

      f7f1a902bc83ee7d21e44add822c2746dba63e5a

    • SHA256

      0fdb7ba1709a0fb29a1b6c0c5ab2c9efe24158054ffc9db0161218b29468755c

    • SHA512

      8bcabe75ec0bfdefc22ff00deca0d63fb459622fc1fa7a9379e2f7e99ec75cfe2f76fb98b195ed40f050e56da1a2503dd7a9d551f0d66494349723686376d448

    • SSDEEP

      96:U559JuAtqDsKVbpNsIGNgDLYJ/hdvvJ969Jhd+s8VHPnf:U5EAtqYOFNDG6DLYR/azhd+vtPf

    Score
    3/10
    • Target

      "AKL.chm"

    • Size

      29KB

    • MD5

      d13ed324e027ab8a1360a3403edb5f9a

    • SHA1

      acba2fb32c644d36f860779ecd3d481ee5e99412

    • SHA256

      f2abc1144d03e723f68906fdfcc63bf7becff01ec34f66836ffe39e2ac79673d

    • SHA512

      f9545687f07f758ded2118441ad3ccbfad71c1ba91dd9809bdf35cb3f1dfd6416d56a71fc56849fb9d8b70322f733bb35247d753703e4b7dff0d9de754575836

    • SSDEEP

      768:pyV4MUVQ2t0noqaOwtPXoPCuCNr6DMysm2Are:pyV4MUVQ2t0XqPXolI6Dgm2Oe

    Score
    1/10
    • Target

      "AKL.exe"

    • Size

      218KB

    • MD5

      780bdf7f767d8a85f1844721cd0077fa

    • SHA1

      1ad480226e8532edda9909030cadac61c9a22ba1

    • SHA256

      39f0a4980627c596514e51a540d4e721c8f1bf3d0c9e69abc8b3f11f7c4b9314

    • SHA512

      6d68ac87d611ca8dc3869438346681782df17f70128200edc35a82defc966da2597aaf4416bbd4a7f7b34b5ca424491bf4c4b7148aea02502242519b0c8e0577

    • SSDEEP

      3072:P+efErpiiTTYBA63HxDzIzb6xl7KhnftzEdJZktpFAwl+DLNeIb:PBfKTEb39czbQtKCyrCTMI

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      9aff00ec14e6cb71a13451011c580077

    • SHA1

      5972140e4a0addb9eac685fe6037da7479f23ecf

    • SHA256

      cc8145683ad8fd77bd5cca193e84188e40d6d03a0a0d1d00e2bdbef91be96bb3

    • SHA512

      311abd4e9927c1424d794ba401f3935ad3b108a2124e58e0d29aa946514c7a1d62b9b08b013699f4f90796bdfb6c07211daddbb521c1d20ccee771f6ea43b110

    • SSDEEP

      192:zCCxNg+SdnWKZFzReF6KOgEpoAlwYmjspWnlAb2bG7F1QuIp:+Cxazn5aF4N2AWpZy2Ru

    Score
    3/10
    • Target

      AKV.exe

    • Size

      162KB

    • MD5

      b0e2e8c4f1623f666de785e7cb4c7e94

    • SHA1

      9e7f4a47c952193645c38b815784d8431c7d6c24

    • SHA256

      001837fcafccec8059942897e93643b4bd710ed27e286dbf95dbf6e0d7744711

    • SHA512

      950e0c849f750ce2dc654f358fb2b5220995f97abfd200d09d5ccbdf3c20885f6d2974a2243d840ba8a733a91fffd36740c4bbf435cc0a06f5283e848ffa97ee

    • SSDEEP

      3072:XZ0HmNq4QnRkIzvL24KCfstd3Y1Q1KMtosx5bpznN1l:umNqxnRkIzv6TIstJH1FDbpzN

    Score
    3/10
    • Target

      Uninstall.exe

    • Size

      44KB

    • MD5

      c30a8655799cdcf83ff2ac51af7da1f7

    • SHA1

      f1a817a066e8f6e1c5472d484c9a38e54a1c348e

    • SHA256

      d0bdf661871582c8086e5c753ba4d4d725371e3a5612a377cb41f2d144189594

    • SHA512

      b13a422c7eff9b7bd4b391b854735317143ba321cb40a155df05dc2240f9653eeca67dd230117f606baad0832066073926030d4168f6f4d658ab347fde0aa33d

    • SSDEEP

      768:9VSO0QdGLkD8HYayXJMIBImhiPbvu9/vHtLE8JGlzIvGmUgmoAql3/3:90mrcYRiiVhOuc8JmIhmoAqlv3

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      qs.html

    • Size

      1KB

    • MD5

      1f8a533b1761fd59231b763303647650

    • SHA1

      8f4f75b6b7228257b501c6b3f990d27c55ee1b7f

    • SHA256

      1a962c7395d596113445b2b7fa0efd5bde4b64a413aa528daed9b7327aa2ae07

    • SHA512

      f04535920dba1a820b1253c61b347bde4d14307258b1ecf866b9f481045cef074307500bdb1c4bb5bfe4f9a22811ba79df42f38141df15d3ae332b445095ad1a

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

ardamax
Score
10/10

behavioral1

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral2

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery, persistence
Score
6/10

behavioral14

discovery, persistence
Score
6/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10