General

  • Target

    9b86b28ba9c312db24af41e67649327c_JaffaCakes118

  • Size

    44KB

  • Sample

    240815-za3n9ssfrg

  • MD5

    9b86b28ba9c312db24af41e67649327c

  • SHA1

    3cbe42b67e86835d10c98a2a385269cfed2dc526

  • SHA256

    a751bc7b91b11452db614c47aa362e87adf245bf0d8c1253786349495c776f0b

  • SHA512

    917642b5cd766f6e0be9ecc4371de3655def933fe5ef55b430aa7b10ab384aeb54d748336010751b3891add4a659a5ccacc0529395860679e9ee3ecf79cfe164

  • SSDEEP

    768:/M+uRyBhuIUjKjTQTAdkmN9WHmmy/9YVh0G0k/:1u89UjKjTUAdkmLTb0R0k/

Malware Config

Targets

    • Target

      9b86b28ba9c312db24af41e67649327c_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks