General

  • Target

    JaffaCakes118_a08cb337ee4ccfc09686ccc94ff56138

  • Size

    452KB

  • Sample

    250205-rv4s3askej

  • MD5

    a08cb337ee4ccfc09686ccc94ff56138

  • SHA1

    bea928651c2f4de1db59ab94eeba60c970e41540

  • SHA256

    e69427adf800b7e159974e58fe448623a7c6d256639300ed339d037cbcedeb46

  • SHA512

    3126c1552c6bf779e85ed46fb938dd10fe5e8bcb9c5cfbe1190b02f6a3afb578d09eaf6c5336fba519f92561f32ce312e76cf52f0764812d7d3b1d6ab3a0a13e

  • SSDEEP

    12288:APMCMagGoScmptvV+84GZKNoSF3SW2D9cZ9:APMCMaZcmpt9l4GZKrFiWGs

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks