General

  • Target

    beb8486a29c74ea66b90cdcea3d319f3_JaffaCakes118

  • Size

    50KB

  • Sample

    240824-q36f7asgnc

  • MD5

    beb8486a29c74ea66b90cdcea3d319f3

  • SHA1

    ea04fe59cc7a10d2d0742e888e2a60ebe82b061b

  • SHA256

    49ed942b0ec650b40c91a1a8715a4ee887d95f7dd78325b1b5702186635a9672

  • SHA512

    5c85b3a556043faaacfa6a837acfdde71bfb9235b88e5c78cf0d60ba9fc673babd917ddec5c4bcf935102cc335d357e6c66330d16256f2e69ae860cd2a1b9318

  • SSDEEP

    768:xX5u0tTwO1cZq7zHt3JDf8PKFFxOw4Dt5z6ofmKAyXXo/yjOKK3vTBFa0EDj9mK:K0T3mqtLkjPffmKbY/aYtY1mK

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15