General

  • Target

    9b3059c4886137a039ad4e5cb9018ab7_JaffaCakes118

  • Size

    41KB

  • Sample

    240815-xc25easbjp

  • MD5

    9b3059c4886137a039ad4e5cb9018ab7

  • SHA1

    4fc2147a07269023e29c30a3a0071caed5b17efb

  • SHA256

    2c19952016bb7357e505904a8c8c5988d857c3b7d510f53af8c03b2ba4cc329d

  • SHA512

    748340c5e5b329498109c7f455cb6a86fdebdcb01156ea135cc8074be73472b81381f66cd43c4eaf36fe04ffe691a6a5ba185a40b36cfa192c66b274ad19b86f

  • SSDEEP

    768:PCtxsRLvrH1vkJfQgcB9qFhNzqo38VvzCvQj8AXhSiXQQXDMvdp8DkcedShKvP7Q:6TsRLvrH1vkJfQgcB9qFhxqo38VvzCvU

Malware Config

Targets

    • Target

      9b3059c4886137a039ad4e5cb9018ab7_JaffaCakes118

    • Size

      41KB

    • MD5

      9b3059c4886137a039ad4e5cb9018ab7

    • SHA1

      4fc2147a07269023e29c30a3a0071caed5b17efb

    • SHA256

      2c19952016bb7357e505904a8c8c5988d857c3b7d510f53af8c03b2ba4cc329d

    • SHA512

      748340c5e5b329498109c7f455cb6a86fdebdcb01156ea135cc8074be73472b81381f66cd43c4eaf36fe04ffe691a6a5ba185a40b36cfa192c66b274ad19b86f

    • SSDEEP

      768:PCtxsRLvrH1vkJfQgcB9qFhNzqo38VvzCvQj8AXhSiXQQXDMvdp8DkcedShKvP7Q:6TsRLvrH1vkJfQgcB9qFhxqo38VvzCvU

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily as a loader for distributing other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. Explorer launches entries from this key at logon just like the ordinary Run key, but the policy location is less commonly inspected by autorun tooling.

    • Deletes itself

    • Maps connected drives based on registry

      Reads SYSTEM\CurrentControlSet\Services\Disk\Enum, whose values are device instance strings containing the vendor and model of each attached disk. Malware commonly checks these for virtual-disk names (VMware, VBox, QEMU and similar) to detect sandbox or analysis environments.
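
A small triage helper for the two registry behaviours listed above, added here as an example and not part of the sandbox report or of the Andromeda code itself. It assumes a hypothetical plain-text registry event format (operation, PID, image path, key path, optional written data) and runs over constructed events; the two key paths it looks for (Policies\Explorer\Run for the persistence signature, Services\Disk\Enum for the drive-mapping signature) are the registry locations those signatures describe.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed events, not taken from the sandbox run for this sample.
# Hypothetical format: <operation> <pid> <image path> <registry path>[ = <data>]
SAMPLE_EVENTS = r"""
RegOpenKey     1840 C:\Users\user\sample.exe HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
RegQueryValue  1840 C:\Users\user\sample.exe HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\Count
RegQueryValue  1840 C:\Users\user\sample.exe HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
RegSetValue    1840 C:\Users\user\sample.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc = C:\ProgramData\msupdate.exe
RegSetValue     620 C:\Windows\explorer.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
RegQueryValue   620 C:\Windows\explorer.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
"""

# Persistence: a value written directly under the policy Run key.
POLICY_RUN = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$", re.I
)
# Sandbox check: any open/read of the Disk\Enum key or its values.
DISK_ENUM = re.compile(r"\\CurrentControlSet\\Services\\Disk\\Enum(\\|$)", re.I)

SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_DISK_ENUM = "Maps connected drives based on registry"

# (signature name, registry operations that count, key-path pattern)
SIGNATURES = (
    (SIG_POLICY_RUN, {"RegSetValue"}, POLICY_RUN),
    (SIG_DISK_ENUM, {"RegOpenKey", "RegQueryValue", "RegEnumValue"}, DISK_ENUM),
)


@dataclass
class RegEvent:
    op: str
    pid: int
    image: str
    path: str
    data: Optional[str] = None


def parse_events(text: str) -> List[RegEvent]:
    """Parse the hypothetical event format; image paths are assumed to contain no spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        op, pid, image, rest = line.split(None, 3)
        path, sep, data = rest.partition(" = ")
        events.append(RegEvent(op, int(pid), image, path, data if sep else None))
    return events


def match_signatures(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Map each signature name to the events that triggered it."""
    hits: Dict[str, List[RegEvent]] = {name: [] for name, _, _ in SIGNATURES}
    for ev in events:
        for name, ops, pattern in SIGNATURES:
            if ev.op in ops and pattern.search(ev.path):
                hits[name].append(ev)
    return hits


def persistence_targets(events: List[RegEvent]) -> List[str]:
    """Return what the policy Run key was pointed at, i.e. what will launch at logon."""
    return [ev.data for ev in match_signatures(events)[SIG_POLICY_RUN] if ev.data]


def flagged_pids(events: List[RegEvent]) -> Dict[int, List[str]]:
    """Group triggered signature names by process id, for a quick per-process verdict."""
    out: Dict[int, List[str]] = {}
    for name, evs in match_signatures(events).items():
        for ev in evs:
            names = out.setdefault(ev.pid, [])
            if name not in names:
                names.append(name)
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for pid, names in flagged_pids(evs).items():
        print(pid, names)
    print("persistence targets:", persistence_targets(evs))
```

Note that explorer.exe writing to the ordinary HKCU Run key is deliberately not flagged: the persistence signature is specific to the Policies\Explorer\Run location, and the drive-mapping rule fires on reads, not writes, since the sandbox check only needs to query the key.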

MITRE ATT&CK Enterprise v15

Tasks