General

  • Target

    bc96804cdb6ee2ddea9944a395f998d6_JaffaCakes118

  • Size

    46KB

  • Sample

    240823-vl5ksaygpq

  • MD5

    bc96804cdb6ee2ddea9944a395f998d6

  • SHA1

    c976ad425bf577ed991dd53dcf8ca4c21cbd7bec

  • SHA256

    76dd68fa0fd79736aa7046e846bdc0f2a296095298157a7572e922a05d9470bb

  • SHA512

    8260297bd153ceac682096e122a904793b7426ec486f2023a5e0928f653b1bc67afcc8b1a64a240e49cd5184e600fa35ae7b14fd29a7c100fef9e44c490787ba

  • SSDEEP

    768:OhfbEUiWyy3vdzJPZ/vOVyOabiR5K0k5anVrkqVsOtDjVRbyn5LZPRDsj6/H:OhfbEUiWD/dzz/vOyO8tdsVrkqaOtVR8

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks