General

  • Target

    98a380d05c98e63db3220545a7733420_JaffaCakes118

  • Size

    40KB

  • Sample

    240815-c82tas1akh

  • MD5

    98a380d05c98e63db3220545a7733420

  • SHA1

    0e0626fe533222393b746ddba834a89ab94d3b86

  • SHA256

    3dd1e8b9dcac7e15256a6baf8de66dbcee9b438e6e6b03b7c63356f8b2959336

  • SHA512

    3c4f563ec1f4f5bc1b18da8ae3d5a407b31f311860a17719e73787e29342c4525a6570f724630c988f5b8415273265e38e9714932e47f9d6d8162d87bd46a0d3

  • SSDEEP

    192:kyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:J04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks