General

  • Target

    98318c2ea2fe212813bfab98c2d37426_JaffaCakes118

  • Size

    31KB

  • Sample

    240814-31ksxsshng

  • MD5

    98318c2ea2fe212813bfab98c2d37426

  • SHA1

    81f4b2bd4f0eaa1b58078d50a33ff0f95a28d9df

  • SHA256

    fb9b5854dec8ea0fa87cdb95eac5f1cf8dd577961b2135290fe8fd26611a127d

  • SHA512

    4c6003176b01da05776fa8656a96f1c7abe187a21ee126f6a860dfed9a8bfcfcb2b69bf02f370a586793bf9cd8e886ba8551f6b974d0e358e9d830c17ff3e1c1

  • SSDEEP

    768:KIMAcRlqM0NHpe+MgS5WW8bbLs98fX6b/ET8VLM01X9oQH9:KNRlqM0Nc+MfN2Sb/EyX9oQH9

Malware Config

Targets

    • Target

      pdf_trk_invoice.scr

    • Size

      49KB

    • MD5

      5f2a7d126ea1bca68f12982a44a952f5

    • SHA1

      d46f6b41b4be0e2eb999192d18a4269d34726d2f

    • SHA256

      63ccc3cbb3b29c697dbcb6b8c9b5de8c1ecdcefb3a1ed9a8f2c3e594b3c60fbd

    • SHA512

      caaacf0df796922eae102204766761de59ceac2f55bae2c6a367ab8be713aaaf4c5c49b388815ad130246cccb6e13086faf01800ffc3f407fa788549efe2a102

    • SSDEEP

      768:AQR2QFShXLBmomuvG1ozfCO2PvSW2tezCnC5DWn1kovKbSsORNbhClxWBEbXV/:PTShLBpvBfCVv0NYDWnCoBRNFCDnV/

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily as a loader to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      The Policies\Explorer\Run key (under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion) is an autostart location processed at logon, like the ordinary Run key, but it is monitored less often; a value written there gives the dropped payload persistence (ATT&CK T1547.001).

    • Deletes itself

      Loaders commonly remove their original executable once a copy has been staged elsewhere, so the dropper is harder to collect and analyse.

    • Maps connected drives based on registry

      Disk and drive information is often read from the registry to detect sandbox or virtual machine environments.
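The three behavioural signatures above, expressed as detection logic over a process event trace. This is an added example for this page, not Tria.ge code and not anything recovered from the sample. The event records are constructed for the example (a flattened mix of registry, file and process-creation operations, roughly what a sandbox API trace or Sysmon feed yields), the dropped-file path and value name in them are invented, and the Services\Disk\Enum key is an assumption about what the drive-mapping signature keys on; the Policies\Explorer\Run path is the standard policy Run key.

```python
"""Detect policy-Run-key persistence, registry drive enumeration and
self-deletion in a process event trace.  Added example, not Tria.ge code."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Policy Run key: standard autostart location (T1547.001).  Matches the key
# itself or any value path beneath it, under HKCU or HKLM.
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run(?:\\|$)",
    re.IGNORECASE,
)
# Assumed key behind "Maps connected drives based on registry": sandbox checks
# read Services\Disk\Enum looking for VBOX / VMware / QEMU device strings.
DISK_ENUM_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum(?:\\|$)",
    re.IGNORECASE,
)
# "del [/switches] <path>" inside a cmd.exe command line, quoted or not.
DEL_CMD_RE = re.compile(r'\bdel\b(?:\s+/\w)*\s+"?([^"&]+?)"?\s*(?:&|$)', re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def _same_path(a: str, b: str) -> bool:
    """Case-insensitive path equality, ignoring surrounding quotes/whitespace."""
    return a.strip().strip('"').lower() == b.strip().strip('"').lower()


def scan_events(events: List[Dict]) -> List[Finding]:
    """Return one Finding per (rule, pid); later duplicates are dropped.

    Each event is a dict: pid, image (acting process), op, target and an
    optional data field (value data for RegSetValue, command line for
    CreateProcess).  Constructed format, not a real sandbox schema."""
    seen: Dict[tuple, Finding] = {}
    for ev in events:
        op, pid, image, target = ev["op"], ev["pid"], ev["image"], ev["target"]
        data = ev.get("data", "")
        hits = []
        if op == "RegSetValue" and POLICY_RUN_RE.search(target):
            hits.append(("persistence.policy_run_key", f"{target} -> {data}"))
        if op in ("RegOpenKey", "RegQueryValue") and DISK_ENUM_RE.search(target):
            hits.append(("evasion.registry_drive_enum", target))
        if op == "DeleteFile" and _same_path(target, image):
            hits.append(("defense_evasion.self_delete", f"direct delete of {target}"))
        if op == "CreateProcess":
            m = DEL_CMD_RE.search(data)
            if m and _same_path(m.group(1), image):
                hits.append(("defense_evasion.self_delete", f"child command line: {data}"))
        for rule, detail in hits:
            seen.setdefault((rule, pid), Finding(rule, pid, detail))
    return list(seen.values())


def matched_rules(events: List[Dict]) -> List[str]:
    """Sorted rule names, for comparison against a report's signature list."""
    return sorted({f.rule for f in scan_events(events)})


# Constructed trace: the dropper's activity plus benign Explorer noise that
# must not trigger (ordinary Run key, unrelated temp-file delete).
SAMPLE_IMAGE = r"C:\Users\user\Desktop\pdf_trk_invoice.scr"
SAMPLE_EVENTS = [
    {"pid": 1337, "image": SAMPLE_IMAGE, "op": "RegOpenKey",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"pid": 1337, "image": SAMPLE_IMAGE, "op": "RegQueryValue",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"pid": 1337, "image": SAMPLE_IMAGE, "op": "RegSetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\12345",
     "data": r"C:\ProgramData\Local Settings\Temp\dropped_copy.exe"},   # invented path
    {"pid": 1337, "image": SAMPLE_IMAGE, "op": "CreateProcess",
     "target": r"C:\Windows\System32\cmd.exe",
     "data": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Desktop\pdf_trk_invoice.scr"'},
    {"pid": 900, "image": r"C:\Windows\explorer.exe", "op": "RegSetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"pid": 900, "image": r"C:\Windows\explorer.exe", "op": "DeleteFile",
     "target": r"C:\Users\user\AppData\Local\Temp\tmp1.tmp"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid}: {f.detail}")
```

The policy Run match deliberately requires the `Policies\Explorer\` component, so the ordinary `CurrentVersion\Run` write by explorer.exe is ignored; only the value path the sample writes is flagged. Self-deletion is matched both as a direct delete of the acting image and as a `del` of that image inside a spawned command line, since the ping-then-del pattern is how the deletion usually shows up in a trace.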

MITRE ATT&CK Enterprise v15

Tasks