General

  • Target

    e3cb66420d0222b54013824434771a3ff6dbd7fa3ac1de1cc7287ac2f35ae011

  • Size

    222KB

  • Sample

    240813-bp4m4s1hnq

  • MD5

    7a2e597912e2d619a9c6b73f66869998

  • SHA1

    e3ff40a306298b112032a99fbbbfd3aa94d7c108

  • SHA256

    e3cb66420d0222b54013824434771a3ff6dbd7fa3ac1de1cc7287ac2f35ae011

  • SHA512

    9acb8a0e213f6674911e7900af614604e2dd9a88d809d63d0552ffdf5bd638c84b07964cb00991a0302f6331946b6027401b5cdfc195a588b0d5e38ad7c5d420

  • SSDEEP

    3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HRN97K5qGSfzQJY:/14RzUNsYN1B9nX9Ud9HRN0qGSfzwY

Malware Config

Targets

    • Target

      e3cb66420d0222b54013824434771a3ff6dbd7fa3ac1de1cc7287ac2f35ae011

    • Size

      222KB

    • MD5

      7a2e597912e2d619a9c6b73f66869998

    • SHA1

      e3ff40a306298b112032a99fbbbfd3aa94d7c108

    • SHA256

      e3cb66420d0222b54013824434771a3ff6dbd7fa3ac1de1cc7287ac2f35ae011

    • SHA512

      9acb8a0e213f6674911e7900af614604e2dd9a88d809d63d0552ffdf5bd638c84b07964cb00991a0302f6331946b6027401b5cdfc195a588b0d5e38ad7c5d420

    • SSDEEP

      3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HRN97K5qGSfzQJY:/14RzUNsYN1B9nX9Ud9HRN0qGSfzwY

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks