General

  • Target

    989802f02aff138e654ef6e640902e0e_JaffaCakes118

  • Size

    13KB

  • Sample

    240815-cx91jazdnf

  • MD5

    989802f02aff138e654ef6e640902e0e

  • SHA1

    d552dd2707ebb2d2ea687b3e2d9d4051f119dc67

  • SHA256

    ddd3c87a7baaba20d1bd1e6df5c37b9aa90ef57759b8f8a90e2c7b11847864a5

  • SHA512

    156c496a74f52801f68e2cc7b40f62314cdbde240445405edec66542615537ca3f7d6f518662585e17a89b2f7bdc67786ac543361b2b18882fc38476c3b89e9c

  • SSDEEP

    192:8yEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:h04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
