General

  • Target

    JaffaCakes118_6ac4e69497954391b80cef23c417d611

  • Size

    1.1MB

  • Sample

    250131-q3gg3ayrek

  • MD5

    6ac4e69497954391b80cef23c417d611

  • SHA1

    ae35fb3f8141e984eeba3b14b4aec23094bbb912

  • SHA256

    ab5ffc061324a6b34ecbdc888440f77bb867dcce5e6b507d038e1e6ebde88070

  • SHA512

    ab79fdadffe97905ced03252c040163cabb6fad45a84124b5e392d413ecba762ac528c33f4db436b496936f435ca308baba67f7d7899ab0d80a4af3d95569d01

  • SSDEEP

    24576:UHvZTZAMiGFPiYFFsqc7muQ/cKrpkBnUJJJePQrrp0Qcfe:cBTZ1FJrsqc7muyrphJyIrrp3cf

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks