General

  • Target

    9868f7589471d3d7205599c9379fac50_JaffaCakes118

  • Size

    14KB

  • Sample

    240815-bq4phasbqq

  • MD5

    9868f7589471d3d7205599c9379fac50

  • SHA1

    b7ccb90cc87b511a813c0fef849e62f8ef9f5eba

  • SHA256

    80476542af49e95f8900bdfb29c040db784edaced2c7f96f370e6536cd9e3c1a

  • SHA512

    08179fa3c1677cdfcfa354a9b836bdd33c4ac14aab8cade3c1760f906e13fa62a251372a9c3038332a7c95179a0748de26e0f273ecd746a02750dca9b51a0af7

  • SSDEEP

    384:s04Vfdj9JT9uxRgZGz0glhPuDWWx3fdMi:idfTIvbi

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks