General

  • Target

    8d44ed00bd272ebd95d1acaf86f86ddb_JaffaCakes118

  • Size

    13KB

  • Sample

    240812-esmqjsygqh

  • MD5

    8d44ed00bd272ebd95d1acaf86f86ddb

  • SHA1

    594e80a2a26ab347aa1f540c775d690ed68da5b2

  • SHA256

    acf7f0d23a9a2c2466a778d6e44a36f65af72f326b4a25ef82cae108abc22c4b

  • SHA512

    4b941df64ac7727b8df95923fff5579ebb5b67521fed8f90eea52e5d165702a92fc5c6a0f7d82094883485cc68826061972f20b2d30084434546f1be95632d40

  • SSDEEP

    192:0yEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:Z04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Target

      8d44ed00bd272ebd95d1acaf86f86ddb_JaffaCakes118

    • Size

      13KB

    • MD5

      8d44ed00bd272ebd95d1acaf86f86ddb

    • SHA1

      594e80a2a26ab347aa1f540c775d690ed68da5b2

    • SHA256

      acf7f0d23a9a2c2466a778d6e44a36f65af72f326b4a25ef82cae108abc22c4b

    • SHA512

      4b941df64ac7727b8df95923fff5579ebb5b67521fed8f90eea52e5d165702a92fc5c6a0f7d82094883485cc68826061972f20b2d30084434546f1be95632d40

    • SSDEEP

      192:0yEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:Z04Vfdj9JT9uxRgZGz0glhPuDWWx3f

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks