General

  • Target

    9c0693bedf4797eb89b174a12197bea5_JaffaCakes118

  • Size

    13KB

  • Sample

    240815-3bg1qswapl

  • MD5

    9c0693bedf4797eb89b174a12197bea5

  • SHA1

    319a06ecaccedbb7dcad95705e70940ab00133ac

  • SHA256

    2fd2c2bb55d3facbd48209a9eecbaa504982113719b05046b28b5b64ee05566c

  • SHA512

    71a42486320688226ffd9ccd4195e0624e2c76afa22ce15982675830fe751d4d040d2b8888b4c7f70e38cf7b0d6b02220b7c5c7b9f9c7473e3b9b44fd2fecb3b

  • SSDEEP

    384:DLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:gSagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      9c0693bedf4797eb89b174a12197bea5_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
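
      Added example, not part of the sandbox report: a PowerShell triage script for the "Adds policy Run key" behaviour above. The report does not name the exact registry path, so the script assumes the usual Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run locations (HKLM, HKCU and the WOW6432Node view). It lists every value there, resolves the executable each one launches, hashes it and compares the hash against the sample's SHA256 from this page, and flags targets under user-writable directories. Run it in an elevated PowerShell session on the host being checked.

```powershell
# Added triage example (not from the report). Enumerates policy Run keys, which
# is the location the "Adds policy Run key" signature refers to (assumed path).
$SampleSha256 = '2fd2c2bb55d3facbd48209a9eecbaa504982113719b05046b28b5b64ee05566c'

$PolicyRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-PolicyRunEntries {
    foreach ($key in $PolicyRunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty attaches PSPath/PSParentPath/... metadata; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $cmd = [string]$prop.Value

            # Pull the executable out of the command line: a quoted path, or
            # the first whitespace-delimited token. Expand %VAR% references.
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $hash = $null
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            }

            [pscustomobject]@{
                Key           = $key
                ValueName     = $prop.Name
                Command       = $cmd
                Executable    = $exe
                FileExists    = [bool]$hash
                SHA256        = $hash
                MatchesSample = ($hash -eq $SampleSha256)
                # Persistence pointing into a user-writable tree is worth a closer look
                # even when the hash does not match this particular sample.
                UserWritable  = ($exe -match '\\(AppData|Temp|Users\\Public|ProgramData)\\')
            }
        }
    }
}

Get-PolicyRunEntries | Format-List
```

      A missing file (FileExists false) on a live host is consistent with the "Deletes itself" behaviour listed above: the Run value can outlive the dropper once it has copied itself elsewhere, so the value name and command line are still worth recording even when there is nothing left to hash.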

MITRE ATT&CK Enterprise v15

Tasks