General

  • Target

    9c11f53798d611c22840b48b4897afa4_JaffaCakes118

  • Size

    13KB

  • Sample

    240815-3j1g2s1hrh

  • MD5

    9c11f53798d611c22840b48b4897afa4

  • SHA1

    3ff2619c18e9a6c42cb47787be06100c41472fc8

  • SHA256

    69f3b186afdf32cff607ae9c5b6b0271a7641d4a462b6d1c7c202fec5011e904

  • SHA512

    1eac57fbe6e7ec9953296feb84addd18db88d970c3561d315f02277730bcb59b1963164df922baf7a69fb085063ebd2be1e6f95afaeb34c638ab14d268e80de3

  • SSDEEP

    384:v0mPcgX5rHRRZpMO5RcZrEOyaWk+7fYp8+mcpJj:3cgn9MO5RpTksfNncn

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Writes an autostart value under a Policies\Explorer\Run key (HKLM or HKCU ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), which is executed at logon like the ordinary Run keys.

    • Deletes itself

    • Maps connected drives based on registry

      Drive and disk information is often read from the registry in order to detect sandbox environments.
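The two checks a responder would want from this report are (1) confirming that a file on disk is really this sample by recomputing the digests listed above, and (2) spotting the "policy Run key" persistence the signature describes in endpoint telemetry. The script below is an added example, not part of the sandbox report and not code from the Andromeda/Gamarue family; it assumes Sysmon-style `key=value` registry events (the sample lines are constructed here) and that the signature refers to values written under a `Policies\Explorer\Run` key, which is an assumption on my part rather than something the report states.

```python
import hashlib
import re

# Digests copied from the report above; used to confirm a local file is this sample.
REPORT_HASHES = {
    "md5": "9c11f53798d611c22840b48b4897afa4",
    "sha1": "3ff2619c18e9a6c42cb47787be06100c41472fc8",
    "sha256": "69f3b186afdf32cff607ae9c5b6b0271a7641d4a462b6d1c7c202fec5011e904",
    "sha512": "1eac57fbe6e7ec9953296feb84addd18db88d970c3561d315f02277730bcb59b"
              "1963164df922baf7a69fb085063ebd2be1e6f95afaeb34c638ab14d268e80de3",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same digests for a file, streamed so large samples do not need to fit in RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> list:
    """Return the algorithms whose digest agrees with the report (empty list = not this sample)."""
    return [name for name, value in hashes.items()
            if REPORT_HASHES.get(name) == value.lower()]


# Assumption: the "policy Run key" signature means a value written under
# ...\CurrentVersion\Policies\Explorer\Run (HKLM or HKCU). Match on that suffix
# followed by a value name, so a bare CreateKey on the key itself is not a hit.
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer\\Run\\", re.IGNORECASE)

# Splits "Key=value Key2=value with spaces" lines; a value ends at the next " Word=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Constructed Sysmon-style events (not taken from the report): one benign Run
# value, one policy Run value written by the sample, one CreateKey, one unrelated event.
SAMPLE_EVENTS = [
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive "
    "Details=C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
    "EventID=13 Image=C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe "
    "TargetObject=HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\12345 "
    "Details=C:\\ProgramData\\msxyz.com",
    "EventID=12 Image=C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run EventType=CreateKey",
    "EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe /c del sample.exe",
]


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict."""
    return {k: v for k, v in KV_RE.findall(line)}


def find_policy_run_persistence(lines) -> list:
    """Return the registry SetValue events (Sysmon ID 13) that write a policy Run value."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "13" and POLICY_RUN_RE.search(ev.get("TargetObject", "")):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    import sys
    for hit in find_policy_run_persistence(SAMPLE_EVENTS):
        print("policy Run persistence:", hit["Image"], "->", hit["Details"])
    for path in sys.argv[1:]:
        print(path, "matches report on:", matches_report(hash_file(path)) or "nothing")
```

Run it with a file path to see which of the report's digests the file matches; a partial match (some algorithms agreeing but not others) would indicate a transcription error in the IOC list rather than a different file, since the four algorithms are computed over the same bytes. The detection side deliberately ignores the ordinary Run keys, so it answers only the question the signature raises; widen `POLICY_RUN_RE` if you want both.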
