Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

19042bf693...4f.exe

windows7-x64

10

19042bf693...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19042bf693d3b24f519fd00721e8c6e3706d17e4b42f2566da12dc42b58cdf4f

  • Size

    2.0MB

  • Sample

    250317-z1ckrsytew

  • MD5

    7316ff29df450097b933e376a63641ef

  • SHA1

    e5b5d24aa3447a33160967256d8f46e90b827b12

  • SHA256

    19042bf693d3b24f519fd00721e8c6e3706d17e4b42f2566da12dc42b58cdf4f

  • SHA512

    2c1cc8a1671114ea6c5087b2cc260b272e3cdadc51377c3aec306b34d14d27d9ce7962c4f743c42b6efefa0c9c6d1f559b0b0ba70a2985b24a2a6ef7e09c680a

  • SSDEEP

    49152:UDD9nDJj95rciYipTNrgjk9rVPI/ML5bYMqptqv:UDDzHrciYirRDg/MLK9ptA

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      19042bf693d3b24f519fd00721e8c6e3706d17e4b42f2566da12dc42b58cdf4f

    • Size

      2.0MB

    • MD5

      7316ff29df450097b933e376a63641ef

    • SHA1

      e5b5d24aa3447a33160967256d8f46e90b827b12

    • SHA256

      19042bf693d3b24f519fd00721e8c6e3706d17e4b42f2566da12dc42b58cdf4f

    • SHA512

      2c1cc8a1671114ea6c5087b2cc260b272e3cdadc51377c3aec306b34d14d27d9ce7962c4f743c42b6efefa0c9c6d1f559b0b0ba70a2985b24a2a6ef7e09c680a

    • SSDEEP

      49152:UDD9nDJj95rciYipTNrgjk9rVPI/ML5bYMqptqv:UDDzHrciYirRDg/MLK9ptA

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks