General

  • Target

    8d355ff62486806df6bd969bed96c325_JaffaCakes118

  • Size

    13KB

  • Sample

    240812-ee6lhatgqr

  • MD5

    8d355ff62486806df6bd969bed96c325

  • SHA1

    72992f936f1e88a0d89d9ed939ee5ef19f2d34ba

  • SHA256

    3c179c3aca407a17480467b0d08c37396271b9285b9afca6f3245020c4bb9e0a

  • SHA512

    b42aec7b0e51da123751aee9d0ebe2c820f7a8c8b8d602bae1e76fe542450743bd1dcfab0f7765632e9889defbdbc4192e47e6bfb71f6e49201554ced1c590ef

  • SSDEEP

    192:zyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:O04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Target

      8d355ff62486806df6bd969bed96c325_JaffaCakes118

    • Size

      13KB

    • MD5

      8d355ff62486806df6bd969bed96c325

    • SHA1

      72992f936f1e88a0d89d9ed939ee5ef19f2d34ba

    • SHA256

      3c179c3aca407a17480467b0d08c37396271b9285b9afca6f3245020c4bb9e0a

    • SHA512

      b42aec7b0e51da123751aee9d0ebe2c820f7a8c8b8d602bae1e76fe542450743bd1dcfab0f7765632e9889defbdbc4192e47e6bfb71f6e49201554ced1c590ef

    • SSDEEP

      192:zyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:O04Vfdj9JT9uxRgZGz0glhPuDWWx3f

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks