General

  • Target

    8a7616551ce19dda50daca2479c2de76_JaffaCakes118

  • Size

    13KB

  • Sample

    240811-qa1p8svdpc

  • MD5

    8a7616551ce19dda50daca2479c2de76

  • SHA1

    a8abeaf5b460f77dee2005df3c2dc79428743d2c

  • SHA256

    7cd1560ea0d639d9d6d945646be21aba72590cd37f57fe313de93822f4ca839f

  • SHA512

    04a3a7fc095f6135e859718876da4b84ab3fe009f181e6ab356917208d5b17f31944fcb64b111ab0d8e8fe28e1722411520ea52221f3136fafc765116fe7e1b0

  • SSDEEP

    384:2LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:TSagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      8a7616551ce19dda50daca2479c2de76_JaffaCakes118

    • Size

      13KB

    • MD5

      8a7616551ce19dda50daca2479c2de76

    • SHA1

      a8abeaf5b460f77dee2005df3c2dc79428743d2c

    • SHA256

      7cd1560ea0d639d9d6d945646be21aba72590cd37f57fe313de93822f4ca839f

    • SHA512

      04a3a7fc095f6135e859718876da4b84ab3fe009f181e6ab356917208d5b17f31944fcb64b111ab0d8e8fe28e1722411520ea52221f3136fafc765116fe7e1b0

    • SSDEEP

      384:2LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:TSagh0Qu1UkKE7AF

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks