General

  • Target

    982002caf8a574ca503fbe12dd072b62_JaffaCakes118

  • Size

    36KB

  • Sample

    240814-3l2g5asbld

  • MD5

    982002caf8a574ca503fbe12dd072b62

  • SHA1

    083db1a54134430381f621699d52b20343311335

  • SHA256

    4599bc2527ad4889bb29aa0d38d06a6e8871df4f806ccb2ad5b352a4dae7d14b

  • SHA512

    50fbde9038671ff2476a09dca3b9ea6ba45da90eb1d883167bc899f83b4f51fbe3223f21ff9401f92e377fca42d883edf639338a687d9e5e6ce96648d0962a45

  • SSDEEP

    768:tBT/H3K6h8I+Cnf0+zRweP7JcaIktRbwYM4V:Da6hr+Cnc+zRwoizkTbwYVV

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read to detect sandbox environments.

MITRE ATT&CK Enterprise v15