General

  • Target

    921a0ddcfefbdcc72fbb08a26ba95d60_JaffaCakes118

  • Size

    31KB

  • Sample

    240813-h5cynazgkg

  • MD5

    921a0ddcfefbdcc72fbb08a26ba95d60

  • SHA1

    230abf5025c2ab043dced85aaafad46e5229d6bd

  • SHA256

    2edfed706a7060979bcbbc22cd786f4a4bd8036aed972fd9a8501c7e4da52c09

  • SHA512

    0210609349ce542d5241d3781f0d2e789302e32840949b176cbe0d23dbe041f452c2ae96a47873138cf4906c0fd3d36b01e7b34db9815e4cdcb342d0e3398944

  • SSDEEP

    384:V04Vfdj9JT9uxRgZGz0glhPuDWWx3fd+7Hu:9dfTIvF

Malware Config

Targets

    • Target

      921a0ddcfefbdcc72fbb08a26ba95d60_JaffaCakes118


    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
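The two host-observable behaviours in the signature list above, the Policies\Explorer\Run persistence value and the self-deletion, can be hunted for in endpoint telemetry. The script below is an added example written for this page; it is not part of the sandbox report or of the Andromeda sample. It assumes Sysmon-style events as Python dicts using Sysmon's own field names (Event ID 1 ProcessCreate with ProcessGuid/ParentImage, Event ID 13 RegistryEvent SetValue with TargetObject/Details, Event ID 23/26 FileDelete with TargetFilename), and the registry path Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which is the key behind the "policy Run key" signature. The events, process names and GUIDs are constructed for the example. The third signature (reading drive information from the registry) is not covered because Sysmon does not log registry reads; a sandbox sees it, an EDR normally does not.

```python
"""Flag Andromeda-style persistence and self-deletion in Sysmon-like events."""
import re
from dataclasses import dataclass

# Tail of the "policy Run key" path. Sysmon prefixes the hive as HKLM\... or
# HKU\<SID>\..., so only the tail is matched, case-insensitively, and the
# final component is the value name written by the sample.
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    image: str   # process that performed the action
    detail: str  # what it touched


def _norm(path):
    """Normalise a Windows path for comparison (separator and case)."""
    return path.replace("/", "\\").lower()


def check_policy_run(ev, parent_of):
    """Event ID 13 (value set) under Policies\\Explorer\\Run."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "")
    if POLICY_RUN_RE.search(target):
        return Finding("policy_run_persistence", ev.get("Image", ""),
                       f"{target} = {ev.get('Details', '')}")
    return None


def check_self_delete(ev, parent_of):
    """Event ID 23/26 (file delete) where the deleted file is the deleting
    process's own image, or the image of its parent (the usual case when the
    sample spawns cmd.exe to remove itself after exiting)."""
    if ev.get("EventID") not in (23, 26):
        return None
    target = _norm(ev.get("TargetFilename", ""))
    if not target:
        return None
    image = ev.get("Image", "")
    parent = parent_of.get(ev.get("ProcessGuid"), "")
    if target == _norm(image):
        return Finding("self_delete", image, f"deleted own image {ev['TargetFilename']}")
    if parent and target == _norm(parent):
        return Finding("self_delete", image,
                       f"deleted parent image {ev['TargetFilename']} (parent {parent})")
    return None


CHECKS = (check_policy_run, check_self_delete)


def analyze(events):
    """Run every check over the event stream, tracking parent images from
    Event ID 1 so delete-via-child-process can be attributed."""
    parent_of = {}  # ProcessGuid -> ParentImage
    findings = []
    for ev in events:
        if ev.get("EventID") == 1 and "ProcessGuid" in ev:
            parent_of[ev["ProcessGuid"]] = ev.get("ParentImage", "")
        for check in CHECKS:
            finding = check(ev, parent_of)
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample events (not real telemetry from this sample).
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    # Benign installer registering an ordinary Run value: must not fire.
    {"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{b1}",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    # Sample writes a Policies\Explorer\Run value pointing at its dropped copy.
    {"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{m1}", "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\12345",
     "Details": r"C:\ProgramData\svchost.exe"},
    # Sample spawns cmd.exe ...
    {"EventID": 1, "ProcessGuid": "{c1}", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": SAMPLE, "CommandLine": 'cmd.exe /c del "' + SAMPLE + '"'},
    # ... which deletes the parent's image.
    {"EventID": 23, "ProcessGuid": "{c1}", "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": SAMPLE},
    # Unrelated temp-file cleanup: must not fire.
    {"EventID": 23, "ProcessGuid": "{b1}", "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\setup.log"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.image} -> {f.detail}")
```

On the constructed stream this yields exactly two findings: the policy Run value written by sample.exe and the deletion of sample.exe by the cmd.exe it spawned. Plain Run-key writes and ordinary temp-file deletes are left alone, which matters in practice because both are very common in benign installers.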

MITRE ATT&CK Enterprise v15

Tasks