General

  • Target

    383330b97552deb4caffb7942a8abef0N.exe

  • Size

    88KB

  • Sample

    240814-q5v38szgpp

  • MD5

    383330b97552deb4caffb7942a8abef0

  • SHA1

    1a89c4a48629cb39b66f10544b07a0f0979d7145

  • SHA256

    366affd55e02d463fa66cef9c955249428f290e6a691a57e31ff107707fec5b5

  • SHA512

    91999145cf99c4bac585c96b035dbe741b2bf07110802d19405092eecdf450fa53a1b20aa7400e2a5369333cb62ff8f71215f19c1ab40733608ab5b6cc1a36dd

  • SSDEEP

    1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yET:6D0ctAVA/bmxIMnoKjyR/NT

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks