General

  • Target

    9c776bab859bcd742fbbdb061f64d001_JaffaCakes118

  • Size

    13KB

  • Sample

    240816-b4nv7syald

  • MD5

    9c776bab859bcd742fbbdb061f64d001

  • SHA1

    ecb3a3c41d23273b663a91def07d77d7dfe297fa

  • SHA256

    edba6481c92ab1e682e32b89d24574195b1928e0047675ee3b1bcbedc37ac536

  • SHA512

    f1a022eec34d9abd6ff66968dfd5cec287fb2bdcbd3fb9a3390c8d7b671c037e5b389f46edf370664a0cdc886f53a06bc1c2dfcd354c1cc1312da22f3c991de6

  • SSDEEP

    384:N0mRLpaLkDpeRy3zGsvsfm4lAilbqX6rwTbRi4Xz/4:LwRehvR4lAUqX6It5b4

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks