General

  • Target

    8e36bba463c4f1494356859ac8de5b21_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240812-lh6t1avfjp

  • MD5

    8e36bba463c4f1494356859ac8de5b21

  • SHA1

    7047285197dbc6a1df5ee45cbec9af35d55c9f56

  • SHA256

    af34a8602de915abfb6dc87ec4f2b08c8855a0d92de6b435bdac73a716f184a7

  • SHA512

    6073b348d4970a61e4d2829d1b432580630975cc64c875324da407ef295b9fa88e4ce5e23004d4ef23fcd075554af56851af3127add6d8a848cdaeb15f41091e

  • SSDEEP

    24576:EItGSqyowm8smieZoWvD/58qTuuKoi3pVfCxVYmNHXM4NgqLGTGtcnmpbamviIjL:EIfqlD8r/51T7ijyNX7mDmcnyVvx3m8d

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      4.8MB

    • MD5

      d3dfa3fe24f94b0fb51856d1203d9095

    • SHA1

      f7964e87334d96ca6b7ee9faf362bcb373bcf1e1

    • SHA256

      e682af464d8413b59e0624ff128bf1f5bdad54d6e3ea529b84705049db9930cd

    • SHA512

      05122e2d3f06ab8f426e7d5eed431f9c481ba9b3357a87bbfdecf725e8f327dbdddd5123f90aac5522740429e544aa6ae64c8ef2863d762783935608585f7ea2

    • SSDEEP

      98304:SlIY0TC0Hq39bnHmJvTaMDkytdK5AwDR86cpoFBr:Ql0TC0KtjHGT5kyt8rd

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      autoR.exe

    • Size

      32KB

    • MD5

      030595aec5327ff1e94c8272fcd9e774

    • SHA1

      a62e1701acc6f8326da5c25838517228cdf87563

    • SHA256

      21d965d6f7993bb8b0d9010e55e72123279e73d712b837d7e151aa46eca0f901

    • SHA512

      d1677730c423427c0147d78392be9d9cc680b7a9e039152d039a3ed0a8b6df364d3afd5eaac092089cfc859ca0583b3eefac4b521d45bf24d4227dbf34e18525

    • SSDEEP

      768:OSagh0Qu1UkKE7AFPYp/Y8h88C5IWuUAeE0cWoeY:ONgecErpX+4UZcWC

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks