General

  • Target

    9ce459e30d72e8fba500cdc4ff5b31b7_JaffaCakes118

  • Size

    13KB

  • Sample

    240816-epbtwavalg

  • MD5

    9ce459e30d72e8fba500cdc4ff5b31b7

  • SHA1

    ef0513e000ba33f12769cade31dd3f7383ad68ba

  • SHA256

    22e7ef02816f598f5923568b5d30e8ca04cc0bdfda562d02621ad4d8795dd73c

  • SHA512

    556ceec6210db14774d9f78e83e1462da743bcf4f59f0686776afd8f9047a15505091d59b16135934842ad1e7ca23934475b25078f8f93447383f44b8c84386c

  • SSDEEP

    384:uLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:bSagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      9ce459e30d72e8fba500cdc4ff5b31b7_JaffaCakes118

    • Size

      13KB

    • MD5

      9ce459e30d72e8fba500cdc4ff5b31b7

    • SHA1

      ef0513e000ba33f12769cade31dd3f7383ad68ba

    • SHA256

      22e7ef02816f598f5923568b5d30e8ca04cc0bdfda562d02621ad4d8795dd73c

    • SHA512

      556ceec6210db14774d9f78e83e1462da743bcf4f59f0686776afd8f9047a15505091d59b16135934842ad1e7ca23934475b25078f8f93447383f44b8c84386c

    • SSDEEP

      384:uLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:bSagh0Qu1UkKE7AF

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Values under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run are launched at logon like the ordinary Run key, so a write there gives the sample persistence.

    • Deletes itself

    • Maps connected drives based on registry

      Disk and drive information is often read in order to detect sandbox or virtual-machine environments.
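
The persistence signature above is the one a responder would most want to hunt for on other hosts. The following is an added example, not part of the sandbox report and not code from the sample: it runs over constructed Sysmon-style registry events (Event ID 13, value set) written in a simplified "field=value|field=value" layout, and flags any value written under the policy Run key in HKLM, HKCU or a loaded user hive. The field names, image paths and value names in the sample events are assumptions made up for the example.

```python
import re

# Sysmon Event ID 13 is RegistryEvent (Value Set); Event ID 12 is key create/delete.
VALUE_SET = "13"

# The "policy Run key" of the sandbox signature. Anything written here is launched
# at logon, and the key is rarely populated legitimately, so a value-set event
# under it is a strong persistence indicator.
POLICY_RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\Explorer\\Run\\(?P<value_name>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample telemetry (assumed layout, not real Sysmon output):
# one event per line, fields separated by '|', key=value inside each field.
SAMPLE_EVENTS = r"""
EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive|Details=C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\12345|Details=C:\ProgramData\updater.exe
EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start|Details=DWORD (0x00000003)
EventID=12|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Details=
EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc|Details=C:\ProgramData\svchost.exe
"""


def parse_event(line: str) -> dict:
    """Split a 'k=v|k=v' line into a dict. Registry paths contain backslashes but never '|'."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value
    return fields


def find_policy_run_persistence(lines) -> list:
    """Return one hit per value written under the policy Run key, in event order."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") != VALUE_SET:
            continue  # key creation alone (ID 12) is not yet persistence
        m = POLICY_RUN_RE.match(ev.get("TargetObject", ""))
        if not m:
            continue  # ordinary Run key and unrelated registry writes are ignored here
        hits.append({
            "hive": m.group("hive"),
            "value_name": m.group("value_name"),
            "command": ev.get("Details", ""),
            "writer": ev.get("Image", ""),
        })
    return hits


if __name__ == "__main__":
    for h in find_policy_run_persistence(SAMPLE_EVENTS.strip().splitlines()):
        print(f"[policy Run persistence] {h['hive']} value {h['value_name']!r} "
              f"-> {h['command']} (written by {h['writer']})")
```

The ordinary Run key write from explorer.exe and the key-create event (ID 12) are deliberately not reported; only the two value-set events under Policies\Explorer\Run surface, each with the command that will run at logon and the process that planted it. On a live host the same check can be made against the registry directly, but working from value-set events also shows which process wrote the value, which matters when the sample deletes itself afterwards.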

MITRE ATT&CK Enterprise v15

Tasks