General

  • Target

    be125c68f9a9c3b23fd65738b4b8a343_JaffaCakes118

  • Size

    130KB

  • Sample

    240824-hezpqszbrk

  • MD5

    be125c68f9a9c3b23fd65738b4b8a343

  • SHA1

    18a97bf1f3191560ecdebde1b477f1a679a807d7

  • SHA256

    64431d37e136e13cad6c4344d77366804bdb0a601bc39ede3cb495899fe4a6bd

  • SHA512

    1639b53e81b5595a19fa471de3666d2b36e82c363f4c4874c2fbc295f085d693badca67ed81a85589e4ccd340138660805481c1473075f90b2c1e9a38e2a47f1

  • SSDEEP

    384:V04Vfdj9JT9uxRgZGz0glhPuDWWx3fr6Y:9dfTIv

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
