General

  • Target

    88ebac00eb9d8140ca0dfdc7787967b0_JaffaCakes118

  • Size

    49KB

  • Sample

    240811-el8pfathnr

  • MD5

    88ebac00eb9d8140ca0dfdc7787967b0

  • SHA1

    2fe600c59763c7f29d0c6acd9d61d3e14819ec8a

  • SHA256

    e42cd6bcd858ed729ee58e416032623247b5f014cdbf34c8fbed48408fff18b2

  • SHA512

    bf1dacfd3929b848e03dba77dcca67c0c2a65c8451cfe13115b3fc3ca18e47c1c6ccb53e4104cfcb3b8c0e588da4d02573994e97f82531e224a99950abf84fa5

  • SSDEEP

    768:CxbZh9sUy+8nNJOaru7l/oDwQ398HKNCWNx0zDhC/J7kgDXDksp:C5ZAUkzlu7xCd9CTDhCrx

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
