General

  • Target: 971f5bf683b12b80807a7a71c3bb114e_JaffaCakes118

  • Size: 23KB

  • Sample: 240814-wrn1nawcpe

  • MD5: 971f5bf683b12b80807a7a71c3bb114e

  • SHA1: 58182102e5ed6d89f4132328a690b91375b3f2ed

  • SHA256: f39144662059b6b69fe0ca8ced13c542729dbf8f3bf0f728f27d7682fbab997d

  • SHA512: c6a44d970a1fb17d377be91af6d5651330e506344706805ca32a0d20ca7ce0db417698ad63614173a9d143fc01403428c9be14d40f874cfc4cc086da71e9b6ca

  • SSDEEP: 384:MqpeYXzFCemo+G6unM+gH36Lh9BUlcDnwNAKfICBCNpwcAk3Ax3B/Qs075v0:MOemkpB6gXa/BoIMAcCjzAx3qsA5v0

Malware Config

Targets

    • Target: pdf_ups_shipping_invoice.pif

    • Size: 48KB

    • MD5: 6ffeb6c9937e13d97472cb1cd1a78be2

    • SHA1: 4028524f2634015573a4d08ed834f4db8947f686

    • SHA256: bcd0dcf7e268cbc6de8f43980198bccd372aa24e122b40fb1bf180e846409cdd

    • SHA512: 2f9ffdcb10aaccf7813e84d3db868300eaa14177acbe16872085f5864d2eebd1a046e09f2ac7cfe7949c6a678c2985972eec23e04692766df5d52bbd2ff71e13

    • SSDEEP: 768:dBS+cG0NkkYkXkkkkkkkkkkkkkkKkkkkkkkkkkMGyKNscfGLkkkkkkkkkkkkkkkS:DSY0N2yg1GWLa

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks