General

  • Target

    8884c81a02c7d8ee5e2f40629abb5c7d_JaffaCakes118

  • Size

    448KB

  • Sample

    240811-b7hhlatcre

  • MD5

    8884c81a02c7d8ee5e2f40629abb5c7d

  • SHA1

    b57a13ac33efdaf2d57a67338b79b22e0af21949

  • SHA256

    14cbfe2d29f63f8f6709429a828ec91b028597124b8878fa90aed39805956c06

  • SHA512

    897278426261275a71aec384eebda645477cbd8b472149a6d86d8b7ce604560cb2de3a0a4f2338f611b61faa9a3eb7b07aaf0d5bf51c6583265cae8cfab23141

  • SSDEEP

    12288:26Wq4aaE6KwyF5L0Y2D1PqLN23kAYsoAyLm8/l:8thEVaPqL8UwoFm8N

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks