Overview

overview

7

Static

static

1

Andromeda v2.06.rar

windows10-2004-x64

7

Andromeda Builder.exe

windows10-2004-x64

5

Anti vmwar...re.exe

windows10-2004-x64

1

Panel/plug...ex.ps1

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Andromeda v2.06.rar

  • Size

    2.8MB

  • Sample

    230227-1v6gbsfg2z

  • MD5

    4ac6d9cbf29c6000d5eb9f2845f7048a

  • SHA1

    12f73a6897bb79d17dbf1615254e96bb0b5fad00

  • SHA256

    0cf3e8db566d34f19d7c2df598f038542439d1f48e4b228d04c0a5469a62290b

  • SHA512

    1c70aed02b0d107c93d99b0d03733133d47ecefb310f54996be19b9f91c62725f9eb41951c0a4a26c09f30235ee0752324eac5519fae7c44cba4c1fad9832eda

  • SSDEEP

    49152:1nLD6q6AM/sBzTmNX7FvoZZ//STJHD8udOgWjswIcONO4F6zUgwKN2Bq0gc5/+Z+:R6q6AM+iX79oL//STFDOF4w4UUS7c5y+

Score
7/10

Malware Config

Targets

    • Target

      Andromeda v2.06.rar

    • Size

      2.8MB

    • MD5

      4ac6d9cbf29c6000d5eb9f2845f7048a

    • SHA1

      12f73a6897bb79d17dbf1615254e96bb0b5fad00

    • SHA256

      0cf3e8db566d34f19d7c2df598f038542439d1f48e4b228d04c0a5469a62290b

    • SHA512

      1c70aed02b0d107c93d99b0d03733133d47ecefb310f54996be19b9f91c62725f9eb41951c0a4a26c09f30235ee0752324eac5519fae7c44cba4c1fad9832eda

    • SSDEEP

      49152:1nLD6q6AM/sBzTmNX7FvoZZ//STJHD8udOgWjswIcONO4F6zUgwKN2Bq0gc5/+Z+:R6q6AM+iX79oL//STFDOF4w4UUS7c5y+

    Score
    7/10

    • Executes dropped EXE

    behavioral1

    • Target

      Andromeda Builder.exe

    • Size

      1.3MB

    • MD5

      be31dede2df4ba25eeb71b191a3512ba

    • SHA1

      0d6ef1e4662eb0d624a395afe3e8c16a5f57be4d

    • SHA256

      2089c3234f1808f2f729407fbec57e42f0cae79590b7e386b8ee2e18e0252f97

    • SHA512

      c51a4b62e69467e6ddab21bfe452d41c0da376a14d3e1d4d16feefb60874b3efd76971df87e392c6d66bef6cffdf7dddede42c4c04172ef50a75761835ce2b57

    • SSDEEP

      24576:8BvCwlJ2FEVchkZH7H0W9E3JB60t/d9GeD6g/DERv7i43MV/2gG:k6wlJ2FPuZH7H0W9eJB60t/d9GeD6gDC

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral2

    • Target

      Anti vmware/start_me_on_vm_before.exe

    • Size

      1KB

    • MD5

      8d79c79221f14603ddf8dec439a54385

    • SHA1

      1c18b7d7b5aeadbbe1eb8ec99a083c8feacf4312

    • SHA256

      07dffeb663f93a6311d9f70c596c0255d35b54ec2eb5b2c608ff096e0e58923c

    • SHA512

      63ad336a1119440586544b02baa0f7a1ea1a6bb1142893adeec7ca7e430ceaf078332bd8a0bcbdc69165077c691bfa87c89795b2ab2b4b946f9c8fc095d799fc

    Score
    1/10
    behavioral3

    • Target

      Panel/plugins/socks4/index.php

    • Size

      5KB

    • MD5

      8b934ab080056c27d14ef8eb27e5d6d0

    • SHA1

      b1e20d19d1e50a9f0b86c42632ddce67bbaa5561

    • SHA256

      dee4791b6d4d26a037a6926e928016ce494a31eca2893c1de558e28d18ae811c

    • SHA512

      17d0ff3421fd9fc9e766a104c2646767b308af65224124f9280c00124cb46981a53e7df2067d659811295fd41dc648febc93cb03246ca60c9e09c8db97d8dce6

    • SSDEEP

      96:bR4iN4RYiNfTVoeOkAnHo4Lo1YUn1sWdzSdAxLEM5pWkuBi:iijiVihxHJLon1/0W5pWkp

    Score
    1/10
    behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks