General

  • Target

    8cb285a7bca80bfa63f4d972a4828ddc_JaffaCakes118

  • Size

    13KB

  • Sample

    240812-bc6xpsscmf

  • MD5

    8cb285a7bca80bfa63f4d972a4828ddc

  • SHA1

    81da690ca7208b07429ccbefb1412b5936e2518d

  • SHA256

    d8c8aa365d26d88ce4b8e695ee79fd184b52f88bb45a4e66cdcb3673418ae0d9

  • SHA512

    c111acc139ebf67ceede64456b07620c3cf4320a6e4c18369c6a3fa73be298bffaeed41aa241bad7ffd1cdeba10363f9bad7e2accb4e7e84de8c2e3a3d7676a2

  • SSDEEP

    192:ryEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/oBc:G04Vfdj9JT9uxRgZGz0glhPuDWWx3fMc

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks