Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_7affbcacfb691cae522eaab8a38819ec
-
Size
1.5MB
-
Sample
250316-vc6fqayns3
-
MD5
7affbcacfb691cae522eaab8a38819ec
-
SHA1
ac3f3836ecacf87f8461aa0af8298aa9cf8d0f7b
-
SHA256
bfcd1ac18fa3f8a3cbc5a3a320d4dc81514fb667be3e852168b747bc6e7b9d62
-
SHA512
62d6f0112e5a8c7eda6ca4ad4b108a266b8ea01500348ef1327690323d7da8a50e0d695dd9306afed0ff45459d096ef341c33a48276df7ef3c71528aa124bb93
-
SSDEEP
24576:7ZdEBjdXhuO8EsX/awcwgHfYgdi9jzkrJlfoROcs+xWfgwosiUlZsHU+rzjxXfy1:78BZXhNtsiw0/YgI9jQJlAkcstTiUczg
Malware Config
Targets
-
-
Target
JaffaCakes118_7affbcacfb691cae522eaab8a38819ec
-
Size
1.5MB
-
MD5
7affbcacfb691cae522eaab8a38819ec
-
SHA1
ac3f3836ecacf87f8461aa0af8298aa9cf8d0f7b
-
SHA256
bfcd1ac18fa3f8a3cbc5a3a320d4dc81514fb667be3e852168b747bc6e7b9d62
-
SHA512
62d6f0112e5a8c7eda6ca4ad4b108a266b8ea01500348ef1327690323d7da8a50e0d695dd9306afed0ff45459d096ef341c33a48276df7ef3c71528aa124bb93
-
SSDEEP
24576:7ZdEBjdXhuO8EsX/awcwgHfYgdi9jzkrJlfoROcs+xWfgwosiUlZsHU+rzjxXfy1:78BZXhNtsiw0/YgI9jQJlAkcstTiUczg
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-