General

  • Target

    8ee1883638638cb639cd1f11f1803efc_JaffaCakes118

  • Size

    13KB

  • Sample

    240812-qltq3axanf

  • MD5

    8ee1883638638cb639cd1f11f1803efc

  • SHA1

    7bb4898e66d9c0797a972b0b906537470e50626d

  • SHA256

    d025b17f73ae9ed0862a42e10b9da5a681a48a9fae0fbed5afe4f953d7957a4c

  • SHA512

    e7ba02377c975984ca52f3de880392a6ee32ca953d4829f31ca33257503bcd835e009df912dbcec3c4bdff5c9b3f26185b161accc49df48b82888221ac99d393

  • SSDEEP

    384:1LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:2Sagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      8ee1883638638cb639cd1f11f1803efc_JaffaCakes118

    • Size

      13KB

    • MD5

      8ee1883638638cb639cd1f11f1803efc

    • SHA1

      7bb4898e66d9c0797a972b0b906537470e50626d

    • SHA256

      d025b17f73ae9ed0862a42e10b9da5a681a48a9fae0fbed5afe4f953d7957a4c

    • SHA512

      e7ba02377c975984ca52f3de880392a6ee32ca953d4829f31ca33257503bcd835e009df912dbcec3c4bdff5c9b3f26185b161accc49df48b82888221ac99d393

    • SSDEEP

      384:1LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:2Sagh0Qu1UkKE7AF

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks