General
-
Target
JaffaCakes118_804ec861024b7199d45428e07d33d076
-
Size
1.1MB
-
Sample
250319-29g8qawygw
-
MD5
804ec861024b7199d45428e07d33d076
-
SHA1
0e83c7b18c8bc754c64e807013b83887a92f5591
-
SHA256
5a7e7b5bfc1a2617a89270a0217b63f1868600c6f41438bcee1b9861ff131684
-
SHA512
897e23e4257c8de76dd1c2f72f158bc775768e288ce871931bd8811a363738d20e6e216a2298cf698a0b1194ea048765c40e0fe7911da775da42e3f9b3e7ca75
-
SSDEEP
24576:rbPT5qh3PnipSDpOTS6doftejxhL1rD8+hQtAi:r7TY3apWpOTS6dIeNhFVQ
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_804ec861024b7199d45428e07d33d076.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_804ec861024b7199d45428e07d33d076.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JaffaCakes118_804ec861024b7199d45428e07d33d076
-
Score
10/10
-
Ardamax family
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-