General

  • Target

    96d9f0831fe14ad35f524bd7ef4daa03_JaffaCakes118

  • Size

    13KB

  • Sample

    240814-t874raxdlq

  • MD5

    96d9f0831fe14ad35f524bd7ef4daa03

  • SHA1

    b5395bd5b26f648790076d10a7873736aae447d9

  • SHA256

    101f085af826e49e2face01e278a4a23274ca42fd07afdbf98957d763511109c

  • SHA512

    21c3c9e8cbab6646e7511916fb2837bc2fbab46f84d25f7e7950f1ce52a06ba2268e2aac0a964f2b63bfb3e1a451d4ad80b3d12922def80f343435709ae9ae1b

  • SSDEEP

    384:nLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:0Sagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks