General

  • Target

    9b3eac5fc7c15c70c5c34a1bf32a4b49_JaffaCakes118

  • Size

    13KB

  • Sample

    240815-xpp1lssgkn

  • MD5

    9b3eac5fc7c15c70c5c34a1bf32a4b49

  • SHA1

    2622b34b491ae856fc4623d4edc65b5200a93fda

  • SHA256

    a66c21da0c960f7fb052455deb8c2a5e79b3d7df2e0ee5455bf3720120d34eb4

  • SHA512

    0578263328118e05041b2bece2b3097f1313e736141770ca82174ec4d3f45ffc138fed20f51240eea48218bee1eeb44513f6032c04800bcf7498d37cee374c09

  • SSDEEP

    384:NLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:eSagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks