General

  • Target

    9db5904446b1e74829f05cd27504706e_JaffaCakes118

  • Size

    13KB

  • Sample

    240816-ks5h9azcqr

  • MD5

    9db5904446b1e74829f05cd27504706e

  • SHA1

    d22932fe72ed4d1710ab1f744e58c9f485000991

  • SHA256

    e804cb0392b4d54b3c3758e52228cff75c03c6b1a077532a380a21cbe3b5c075

  • SHA512

    152dee27bc4930495b11988b6d709d4c6e58b8124b0beb66c521afb3bacc12e5682927ff6131ebe915fe030f203285b4daec36bf021da90bb1a7cd20beb223a5

  • SSDEEP

    384:0LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY6:FSagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
