General

  • Target

    9da655574bf83911bf6b44ff187aecc6_JaffaCakes118

  • Size

    44KB

  • Sample

    240816-ke1m5syerm

  • MD5

    9da655574bf83911bf6b44ff187aecc6

  • SHA1

    2c4e6f080dfbdcf5e66fd25a86a635ddd58ff65f

  • SHA256

    9728ed89bf9cdbe1b5601686803b0171abaf1503038d38c9eac29a61abfa3531

  • SHA512

    63fc7e1730b11bf43646c96adae14f9953259e349f77ccdccd357b3eec0c2d5a25d890bae3c36ebeba96bf40e77eae4d2addea1d8aa8ce651b3ac4bab464ded0

  • SSDEEP

    768:50meaaX2L4EvKY1BlXUbkPVyyyv5Lad9Cy6RLMXkoRv9H:5dtBLPNhkb0U9B+r6RQRv9H

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks