General

  • Target

    9d5e640d9d05d7423614ac6a94c3d0f2_JaffaCakes118

  • Size

    12KB

  • Sample

    240816-hraw5svgqp

  • MD5

    9d5e640d9d05d7423614ac6a94c3d0f2

  • SHA1

    bde52c0978d10696de145641337cab7b65dddab3

  • SHA256

    0217b260a6ccc86f003124917cea2188e36469a2d4117165e739f646bb83a2f0

  • SHA512

    8315d795989608b0b2d5544c558b7cd2ed04f305c3d4ac9c6206a50ca45dc7a0c7e74ffdb310fe7031f08c92f361025165c072afa3e07c0ca62903d664c50112

  • SSDEEP

    192:zGotRcCuc7JV37Ys4tlpb9b450y07CTt1I78qJ+H+kTVm/JS/tS8AF3Ukh1:KotRcCbJR7Ys4tvS50yxte7d8TVm/Ir0

Malware Config

Targets

    • Target

      longroad.exe

    • Size

      13KB

    • MD5

      c9e729582d7e932e0962a20703b5d9ce

    • SHA1

      a246c40c20a71e7d95de4378fffdb791517f686a

    • SHA256

      1261dd1f32b4a905af92c844e582511385a055692936be4a420974bfdd3ee8c9

    • SHA512

      8f96e4ecf3de35ef689d4b4d96e8fe89cb16e908a6a546c96e44f700a0fa3dd17e57cc1b4a1bcb92bb6aaf953cfd290b8d4d3579795ba6dd3d23dc7845771e5e

    • SSDEEP

      384:BLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:CSagh0Qu1UkKE7AF

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++. Its core is a loader: the bot's main role is to fetch and run plugins and other malware families on the infected host.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      The sample writes a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which Explorer executes at logon in the same way as the ordinary Run keys but which is inspected less often.

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
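The three behavioural signatures above (policy Run key, self-deletion, drive mapping from the registry) can be reproduced over an event trace. The Python below is an added example, not part of the sandbox report or of the Andromeda sample: it defines each signature as a check over a constructed list of registry, process and file events. The event shape, the drop path of longroad.exe, the value name and the command line are assumptions made for the example; the Policies\Explorer\Run and HKLM\SYSTEM\MountedDevices paths are the real Windows locations such signatures key on.

```python
"""Behavioural signature matching, as an added example: reproduces the three
sandbox signatures "Adds policy Run key", "Deletes itself" and "Maps connected
drives based on registry" over a constructed event list."""
import re
from dataclasses import dataclass

# Assumed sandbox drop path of the second stage (constructed for this example).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\longroad.exe"

# Explorer "Policies" Run key: values here run at logon like ordinary Run
# values but sit outside the keys most users and tools inspect first.
POLICY_RUN_RE = re.compile(
    r"^HK(?:CU|LM|U\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\Explorer\\Run(?:\\|$)",
    re.IGNORECASE,
)
# MountedDevices lists every volume the OS has mounted; enumerating it reveals
# how many drives exist and their device paths without calling the volume APIs.
DRIVE_MAP_RE = re.compile(r"^HKLM\\SYSTEM\\MountedDevices(?:\\|$)", re.IGNORECASE)


@dataclass
class Event:
    kind: str        # "reg", "proc" or "file"
    op: str          # SetValue / QueryValue / EnumValue / Create / Delete
    target: str      # registry path, image path or file path
    data: str = ""   # value data or command line


# Constructed event trace; value names and paths are invented for the example.
SAMPLE_EVENTS = [
    Event("reg", "EnumValue", r"HKLM\SYSTEM\MountedDevices"),
    Event("reg", "QueryValue", r"HKLM\SYSTEM\MountedDevices\DosDevices\C:"),
    Event("reg", "QueryValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
    Event("reg", "SetValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\31337",
          r"C:\Users\Admin\AppData\Roaming\updater.exe"),
    Event("proc", "Create", r"C:\Windows\System32\cmd.exe",
          f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE_PATH}"'),
]


def adds_policy_run_key(events):
    """Writes to the Policies/Explorer/Run key (logon persistence)."""
    return [e for e in events
            if e.kind == "reg" and e.op == "SetValue" and POLICY_RUN_RE.match(e.target)]


def deletes_itself(events, sample_path):
    """Self-deletion: a direct delete of the sample file, or a spawned shell
    whose command line deletes the sample's own path."""
    needle = sample_path.lower()
    hits = []
    for e in events:
        if e.kind == "file" and e.op == "Delete" and e.target.lower() == needle:
            hits.append(e)
        elif e.kind == "proc" and e.op == "Create":
            cmd = e.data.lower()
            if needle in cmd and re.search(r"\b(?:del|erase)\b", cmd):
                hits.append(e)
    return hits


def maps_connected_drives(events):
    """Reads of the MountedDevices key (drive enumeration, sandbox fingerprinting)."""
    return [e for e in events
            if e.kind == "reg" and e.op in ("QueryValue", "EnumValue")
            and DRIVE_MAP_RE.match(e.target)]


SIGNATURES = {
    "Adds policy Run key to start application": lambda ev, sp: adds_policy_run_key(ev),
    "Deletes itself": deletes_itself,
    "Maps connected drives based on registry": lambda ev, sp: maps_connected_drives(ev),
}


def run_signatures(events, sample_path):
    """Return {signature name: matching events} for every signature that fired."""
    report = {}
    for name, check in SIGNATURES.items():
        hits = check(events, sample_path)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in run_signatures(SAMPLE_EVENTS, SAMPLE_PATH).items():
        print(f"[+] {name}")
        for e in hits:
            print(f"      {e.op:<10} {e.target} {e.data}".rstrip())
```

The self-deletion check deliberately matches on the sample's own path in a child process command line rather than on any `del` call, since installers and updaters legitimately delete temporary files; an ordinary `Run` key read (third event) is kept in the trace to show that the policy-key check does not fire on it.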

MITRE ATT&CK Enterprise v15

Tasks