General

  • Target

    9a92db6145b6124b3807fc7a42e27544_JaffaCakes118

  • Size

    13KB

  • Sample

    240815-svaqnatcpj

  • MD5

    9a92db6145b6124b3807fc7a42e27544

  • SHA1

    00dd4fad95f50311dbf6d5c31952d1109251a3e5

  • SHA256

    faef176595028136f77ce09c848b19464aef5c56e6bb4e5fd1988d11c604f324

  • SHA512

    14d25afc01910d5ac5701734d1fae1c8ef7fb6eca33c1ee403db2df011283bd50c852a55bf2f1faf308ecad9ead72e24a4153dedd6e68c53f45b49b1b2438ef1

  • SSDEEP

    384:bLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:ISagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks