General

  • Target

    935021ebf0cbd17cb806f9698dcf8bff_JaffaCakes118

  • Size

    62KB

  • Sample

    240813-qxyt6awgkd

  • MD5

    935021ebf0cbd17cb806f9698dcf8bff

  • SHA1

    eeb3176bc6113304df5a45a0d9acad4c31ac7aab

  • SHA256

    0863c3035d6a489b1e5320c75d910ccfad92321c918237b9f0efcfe1dc39c0ec

  • SHA512

    db248e8cf021e1208474ba098eefbed6f0d46507f7ca2bedfa3f164724e27c92f515bd09d3a1458819dc12dd533c060935b63348f140e838b9412fab30b0a000

  • SSDEEP

    768:DWfQ5ILobJGzshEjgJFuWED3AnrD0NJHcUjmQ48sxbctXlgjHQ6GjhoHbPhHmU6D:DWfQ5sAW8+utskQ4/ZcrSrG6HThB6L5l

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks