General

  • Target

    1004d58f6477c5e6f2dabff761594450N.exe

  • Size

    905KB

  • Sample

    240824-v677ea1gjb

  • MD5

    1004d58f6477c5e6f2dabff761594450

  • SHA1

    9b9b0d3df4c9f9eaf006de136bbc0c808d3314d4

  • SHA256

    cf188b805dce1d9843af710197f760bce3caccf0aa832a4d45e110306b0c2286

  • SHA512

    82c99339bd3c4d2b4a5926166923853f0c1f3ee7586d479a8200ea77e6b0474ad9eadce06652a75418f637f4270ace2b7e447f74e712ca660c236241d006b344

  • SSDEEP

    12288:WhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a3xjGryvCf1WuFFRT+:GRmJkcoQricOIQxiZY1ia3J56fEu5

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks