General

  • Target

    956dc5694f2c400b4830bd69a3118870_JaffaCakes118

  • Size

    40KB

  • Sample

    240814-kyy9esycnn

  • MD5

    956dc5694f2c400b4830bd69a3118870

  • SHA1

    22b5869fad11204ff66c78c0fb4473b00809e9a8

  • SHA256

    77785041309afc31a9546a75a2bed3ae216718f2f1269b2ab7ced930b491d733

  • SHA512

    178360069d4b9ff7d730501506eb6ee258ef8d20b9d0fb6247af0faf1270aeebde8edfc02d06917210854c63160e11c1493e96e181a6ca76d8cb20919e30b7bf

  • SSDEEP

    384:P04Vfdj9JT9uxRgZGz0glhPuDWWx3f55V3wByX9y59KFaSSZN81VGKqLTVS3y8DN:HdfTIvwwsiuRSoVGjl8DFJzUgyV3C

Malware Config

Targets


    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which launches the referenced program at logon (persistence).

    • Deletes itself

      Removes its own executable from disk after running, which hinders sample collection and forensics.

    • Maps connected drives based on registry

      Reads SYSTEM\CurrentControlSet\Services\Disk\Enum to enumerate attached disks. The device strings stored there expose the disk vendor and are commonly checked to detect virtualised sandbox environments.
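The three behaviours above expressed as detection rules, as an added example for this report (it is not the sandbox's own signature logic and not code from the sample). The rules run over a constructed sandbox-style API trace; the event format, paths, PIDs, file names and the ATT&CK technique mapping are assumptions made for the example.

```python
"""Detection rules for the three behaviours flagged above, run over a
constructed sandbox-style API trace.  Added example for this report: not the
sandbox's own signature logic and not code from the sample.  The event
format, paths, PIDs, file names and ATT&CK mapping are assumptions."""
import re

# Assumed image path of the analysed process (constructed, not from the run).
IMAGE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"

# Constructed API-trace events in a generic {"api", "args"} shape.
EVENTS = [
    # drive enumeration via the registry, used as a VM/sandbox check
    {"pid": 1234, "image": IMAGE, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"}},
    {"pid": 1234, "image": IMAGE, "api": "RegQueryValueExW",
     "args": {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum",
              "value": "0"}},
    # persistence through the policy Run key
    {"pid": 1234, "image": IMAGE, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
              "value": "34215",
              "data": r"C:\ProgramData\Local Settings\Temp\mssvc.exe"}},
    # self-deletion by handing the original path to cmd.exe
    {"pid": 1234, "image": IMAGE, "api": "CreateProcessW",
     "args": {"cmdline": f'cmd.exe /c del "{IMAGE}"'}},
    # benign noise: an ordinary Run key write by explorer must not fire
    {"pid": 777, "image": r"C:\Windows\explorer.exe", "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "OneDrive", "data": r"C:\Users\victim\OneDrive.exe"}},
]

# Key paths are matched case-insensitively and anchored at the end so that
# the ordinary CurrentVersion\Run key does not match the Policies variant.
POLICY_RUN = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", re.I)
# Disk\Enum values hold device IDs such as "...VMware_Virtual..." or
# "...VBOX_HARDDISK...", which is why reads of this key are a sandbox tell.
DISK_ENUM = re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", re.I)


def _is_self_delete_cmd(cmdline: str, image: str) -> bool:
    """cmd.exe invoked with a 'del' of the caller's own executable."""
    c = cmdline.lower()
    return "cmd" in c and re.search(r"\bdel\b", c) is not None and image.lower() in c


def detect(events):
    """Return (signature, attack_technique, event) for every matching event."""
    hits = []
    for e in events:
        api, args = e["api"], e["args"]
        key = args.get("key", "")
        if api in ("RegSetValueExW", "RegCreateKeyExW") and POLICY_RUN.search(key):
            hits.append(("policy_run_persistence", "T1547.001", e))
        elif api in ("RegOpenKeyExW", "RegQueryValueExW") and DISK_ENUM.search(key):
            hits.append(("drive_enum_via_registry", "T1012", e))
        elif api == "DeleteFileW" and args.get("path", "").lower() == e["image"].lower():
            hits.append(("self_delete", "T1070.004", e))
        elif api == "CreateProcessW" and _is_self_delete_cmd(args.get("cmdline", ""), e["image"]):
            hits.append(("self_delete", "T1070.004", e))
    return hits


def signature_names(events):
    """Distinct signature names triggered, sorted, as a report would list them."""
    return sorted({name for name, _, _ in detect(events)})


if __name__ == "__main__":
    for name, technique, e in detect(EVENTS):
        print(f"{name:24} {technique:10} pid={e['pid']} api={e['api']}")
    print("signatures:", signature_names(EVENTS))
```

The Run-key rule is anchored on the Policies\Explorer\Run suffix rather than on the word "Run" so that routine writes to the ordinary CurrentVersion\Run key by explorer or installers do not trigger it; the self-delete rule checks for the process's own image path in a cmd.exe del command, because the process cannot unlink its executable while it is still mapped.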

MITRE ATT&CK Enterprise v15

Tasks