General

  • Target

    9437a397c463d44b7dcd3075d176d162_JaffaCakes118

  • Size

    21KB

  • Sample

    240813-wytvgsygld

  • MD5

    9437a397c463d44b7dcd3075d176d162

  • SHA1

    161f98d0bb9a1c4ffa35335422c977cfecca937e

  • SHA256

    1a73b6be5fc6eede19b2702ab2adc816b9fa2131b1328984f502cb571785c078

  • SHA512

    38ccbae953f77f35c7b614e041d4129decfca049ce69a1940790cbd886e98d6ba6f348c5204d1878f53c67dffaaf8c517defcc549190bcb73fbb63b7e0c02cbc

  • SSDEEP

    384:O04Vfdj9JT9uxRgZGz0glhPuDWWx3fw7H4Vj9WnJd0/NssgCu+/:EdfTIvZ4UFsgCt

Malware Config

Targets

    • Target

      9437a397c463d44b7dcd3075d176d162_JaffaCakes118

    • Size

      21KB

    • MD5

      9437a397c463d44b7dcd3075d176d162

    • SHA1

      161f98d0bb9a1c4ffa35335422c977cfecca937e

    • SHA256

      1a73b6be5fc6eede19b2702ab2adc816b9fa2131b1328984f502cb571785c078

    • SHA512

      38ccbae953f77f35c7b614e041d4129decfca049ce69a1940790cbd886e98d6ba6f348c5204d1878f53c67dffaaf8c517defcc549190bcb73fbb63b7e0c02cbc

    • SSDEEP

      384:O04Vfdj9JT9uxRgZGz0glhPuDWWx3fw7H4Vj9WnJd0/NssgCu+/:EdfTIvZ4UFsgCt

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks