General

  • Target

    9dda7d57b21dd8bc6d05e4be71d2afa3_JaffaCakes118

  • Size

    47KB

  • Sample

    240816-lnyeta1hjr

  • MD5

    9dda7d57b21dd8bc6d05e4be71d2afa3

  • SHA1

    f1c50ff9ba0527b02c18d4e2ef9f29aca07be790

  • SHA256

    9890e107c8c2c6bed4672eb11b116c39316fcb86132ad15654947bea9ff933a0

  • SHA512

    cae6f857fce456de07fcd1d9f85190195120f41fcf5959488cb18da5e7d5321301152472b47748aaee6da13a941dfb9b56b287af16f0e148bda66c3305bb554f

  • SSDEEP

    768:BCsM1i5oR7c20iniPmhU7Oh1id2Fie72YHws3rFL8j0XdiRmRmE7R/nDXQ:A71i+wJoiuhR1K2Fiej3xogdgCmE7R/n
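The hash block above is what an analyst actually reuses from a report like this: pull the identifiers out and check a file on hand against them. The script below is an added example, not tooling from the sandbox that produced this page. It assumes only the plain-text layout shown above (a "• Key" line followed by an indented value), parses that into a dict, keeps the fields that are well-formed hex digests of the right length, and compares a local file against them in a single streaming pass. SSDEEP is deliberately left out because it is a fuzzy hash and needs a non-standard library to compare; the sample bytes used at the bottom are constructed for illustration.

```python
"""Parse the hash list from a sandbox report page and match a file against it.

Added example; not part of the original report. Assumes the '• Key' / indented
value layout used on this page.
"""
import hashlib
import re
from typing import Dict, Iterable

# Constructed: the "General" block of this report, copied in its plain-text layout.
REPORT_TEXT = """General

  • Target

    9dda7d57b21dd8bc6d05e4be71d2afa3_JaffaCakes118

  • Size

    47KB

  • MD5

    9dda7d57b21dd8bc6d05e4be71d2afa3

  • SHA1

    f1c50ff9ba0527b02c18d4e2ef9f29aca07be790

  • SHA256

    9890e107c8c2c6bed4672eb11b116c39316fcb86132ad15654947bea9ff933a0

  • SHA512

    cae6f857fce456de07fcd1d9f85190195120f41fcf5959488cb18da5e7d5321301152472b47748aaee6da13a941dfb9b56b287af16f0e148bda66c3305bb554f
"""

# Report label -> hashlib algorithm name. SSDEEP is skipped (fuzzy hash, not hashlib).
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX = re.compile(r"^[0-9a-f]+$")


def parse_report(text: str) -> Dict[str, str]:
    """Turn '• Key' lines followed by one indented value line into a dict."""
    fields: Dict[str, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line.lstrip("•").strip()
        elif key is not None:
            fields[key] = line
            key = None  # only the first non-empty line after a bullet is the value
    return fields


def extract_hashes(fields: Dict[str, str]) -> Dict[str, str]:
    """Keep only hash fields whose value is lowercase hex of the digest's exact length."""
    hashes: Dict[str, str] = {}
    for label, algo in HASH_FIELDS.items():
        value = fields.get(label, "").strip().lower()
        expected_len = hashlib.new(algo).digest_size * 2
        if len(value) == expected_len and HEX.match(value):
            hashes[algo] = value
    return hashes


def digest_stream(chunks: Iterable[bytes], algos: Iterable[str]) -> Dict[str, str]:
    """Compute several digests over the same byte stream in one pass."""
    hashers = {a: hashlib.new(a) for a in algos}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_file(path: str, algos: Iterable[str], chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk so large samples are not read fully into memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk), b""), algos)


def match_iocs(observed: Dict[str, str], iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison; a clean match means every shared algorithm agrees.

    Disagreement between algorithms (e.g. MD5 matches, SHA256 does not) indicates a
    collision or a transcription error in the report, and is worth flagging, not
    silently treating as a hit.
    """
    return {a: observed[a] == iocs[a] for a in iocs if a in observed}


def file_matches_report(path: str, report_text: str = REPORT_TEXT) -> bool:
    iocs = extract_hashes(parse_report(report_text))
    results = match_iocs(digest_file(path, iocs), iocs)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "MATCH" if file_matches_report(p) else "no match")
```

Run it as `python check_iocs.py suspect.bin`; the report text is embedded so it works offline, and `match_iocs` is kept separate so you can see which algorithm disagreed rather than just a yes/no.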

Malware Config

Targets

    • Target

      9dda7d57b21dd8bc6d05e4be71d2afa3_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily as a loader to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Persistence: the sample registers itself under a policy Run key so that it is launched again at logon.

    • Deletes itself

      The original executable is removed after it has run, which hinders sample collection on an infected host.

    • Maps connected drives based on registry

      Disk information is often read from the registry to detect sandbox environments, which typically expose a minimal or virtual disk layout.

MITRE ATT&CK Enterprise v15

Tasks