General

  • Target

    c31aa437e446542d7c10994d4817b630N.exe

  • Size

    164KB

  • Sample

    240824-p8w92a1drb

  • MD5

    c31aa437e446542d7c10994d4817b630

  • SHA1

    42164bd21b4dbdd669787385dff586a13fd6f874

  • SHA256

    33b250020e9c3cde0255c679760f57ce070b82f63033502d73e4b5beb662c234

  • SHA512

    d42c6b70e9d17872269bc3653f487a2d810739b925bc06da495cee867ea635adf460072b23a876ea2f92a518b7127f77374052ce326c9eeb57e1bec7edcd6ece

  • SSDEEP

    1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqs5YAfT55RdRkA8K3SObaw:FW+1oS4l5OeuQdrmwvL8EqbAJKiomeA

Malware Config

Targets

    • Target

      c31aa437e446542d7c10994d4817b630N.exe

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware family written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks