General

  • Target

    b5da2c69449ed7975763beea7ade90a0_JaffaCakes118

  • Size

    13KB

  • Sample

    240822-b11qlasajg

  • MD5

    b5da2c69449ed7975763beea7ade90a0

  • SHA1

    65831ecb7c4f4bbe92ca91a10ef184de3f3889dc

  • SHA256

    0e4a0c05f22498676046d0af91298528a0e0edf1650da21d8b592bf86141f948

  • SHA512

    95bf17039b4eb7246256da66668bb5bbbff4496e0a736a4ee3d727b3d8ddb4f951a09cc9c7bff9af148316e932712feadaba0c7384b4548a7f99dcfc5dcdc1d5

  • SSDEEP

    384:cLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:9Sagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      b5da2c69449ed7975763beea7ade90a0_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks