Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...68.exe

windows7-x64

10

JaffaCakes...68.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_81788834393a06a26c484fe039b9cb68

  • Size

    1.2MB

  • Sample

    250320-fyzgzayks7

  • MD5

    81788834393a06a26c484fe039b9cb68

  • SHA1

    5be9b8ac81260a8038ae3377e4b26dd4e6093c5e

  • SHA256

    f339aaa87fd5f01b6486d55c6b9acac69bf252308ced3545fa98cbb3bc15bb2e

  • SHA512

    74e65b995fed1871d7de485b05ccbed1360f89ef3911bbcd7f7fc776e4f0938e73be0ece5b2cb38e7ebedffa19fdd248d7200fdda28bb4762a46e728e98e6627

  • SSDEEP

    24576:+o253NI9aNMkA0qyN69dsyhuP4bsXKwZFX37vGvRd90kC6Sh/7w2:+o8d+OAxTUP4bsX3BrKRd90kC6H2

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_81788834393a06a26c484fe039b9cb68

    • Size

      1.2MB

    • MD5

      81788834393a06a26c484fe039b9cb68

    • SHA1

      5be9b8ac81260a8038ae3377e4b26dd4e6093c5e

    • SHA256

      f339aaa87fd5f01b6486d55c6b9acac69bf252308ced3545fa98cbb3bc15bb2e

    • SHA512

      74e65b995fed1871d7de485b05ccbed1360f89ef3911bbcd7f7fc776e4f0938e73be0ece5b2cb38e7ebedffa19fdd248d7200fdda28bb4762a46e728e98e6627

    • SSDEEP

      24576:+o253NI9aNMkA0qyN69dsyhuP4bsXKwZFX37vGvRd90kC6Sh/7w2:+o8d+OAxTUP4bsX3BrKRd90kC6H2

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks