General

  • Target

    beec20b0093e341b12889ebfe06c6c30_JaffaCakes118

  • Size

    13KB

  • Sample

    240824-s7qyeaygpk

  • MD5

    beec20b0093e341b12889ebfe06c6c30

  • SHA1

    1271373683832dcf5cab71c646004ff730176953

  • SHA256

    54fc44699250fd6d1d3d30a9aa79ba8cf198efd5fd2b9c6aed2a1d6419537fa0

  • SHA512

    9499832122cab005be082a6e0ed8fadf4f919710ce3d10c5b37e6c1142fe79b15e2c0eaec3c9583fa7644cd9159e8dfabbabefe4332eab5829f5347655fbb6d1

  • SSDEEP

    384:LLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FYR:YSagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks