General

  • Target

    912caa5f1b7d3a8ec9b88b1d6091ec31_JaffaCakes118

  • Size

    76KB

  • Sample

    240813-cdqgsatdnq

  • MD5

    912caa5f1b7d3a8ec9b88b1d6091ec31

  • SHA1

    99bd13fb58efbee85fae63a16adc92f08fccfe29

  • SHA256

    ec347a4e05075b4cdaae20174cae3d7a8d4a996f6c4a336ece8f0fe6ecdc31d8

  • SHA512

    9d998338acce07afb43c3eb98f81a54b2ba6cc3d051f63a32a5eac6fe92de2943f996a12a4dca3e2db67327fb8c986d9b4cc0d60e75b38fe5d7329d7310d5faa

  • SSDEEP

    1536:yBdsUKIT0JOSj6IW8CCTdqOoXfGAe0D0pUd:w+IN8rCAdqOoXfZe0Dkw

Malware Config

Targets

    • Target

      912caa5f1b7d3a8ec9b88b1d6091ec31_JaffaCakes118

    • Size

      76KB

    • MD5

      912caa5f1b7d3a8ec9b88b1d6091ec31

    • SHA1

      99bd13fb58efbee85fae63a16adc92f08fccfe29

    • SHA256

      ec347a4e05075b4cdaae20174cae3d7a8d4a996f6c4a336ece8f0fe6ecdc31d8

    • SHA512

      9d998338acce07afb43c3eb98f81a54b2ba6cc3d051f63a32a5eac6fe92de2943f996a12a4dca3e2db67327fb8c986d9b4cc0d60e75b38fe5d7329d7310d5faa

    • SSDEEP

      1536:yBdsUKIT0JOSj6IW8CCTdqOoXfGAe0D0pUd:w+IN8rCAdqOoXfZe0Dkw

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks