General

  • Target

    bf22d2769ba6166619742f3837f4988d_JaffaCakes118

  • Size

    13KB

  • Sample

    240824-wce47stdqq

  • MD5

    bf22d2769ba6166619742f3837f4988d

  • SHA1

    b429658b669d26781f6644fde4b1ac2e89d2f997

  • SHA256

    3ace383c7b27f5b6e4b7b7b57239b44d822d7ba6a1b5ee4a04d60f6a397d8d1b

  • SHA512

    874233d8c2e57394fb1b6bd38680fa83f944fa77f4027fedc6c7f1daf715659376a7a00e4f47dbca05e8d1b6f6bab07b799ca4b626d3efa147bb5886823c856b

  • SSDEEP

    384:gLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:xSagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      bf22d2769ba6166619742f3837f4988d_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      The policy Run key (Policies\Explorer\Run) is an autostart location processed at logon, so a value written there gives the payload persistence across reboots.

    • Deletes itself

    • Maps connected drives based on registry

      Enumerating attached disks from the registry is a common check for sandbox or virtual-machine environments, whose disk count, names and sizes differ from those of a typical host.
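As an added example (not code from the report or from the sandbox vendor), the following Python scans registry-event lines for the two registry behaviours listed above and flags processes that show both. The log format and the sample lines are constructed for the example; the mapping of the signature names to the Policies\Explorer\Run and Services\Disk\Enum keys is an assumption about what the sandbox checks.

```python
import re
from dataclasses import dataclass

# Registry keys the two report signatures are taken to correspond to.
# These mappings are assumptions, not the sandbox's published logic.
POLICY_RUN_KEY = "software\\microsoft\\windows\\currentversion\\policies\\explorer\\run"
DISK_ENUM_KEY = "system\\currentcontrolset\\services\\disk\\enum"
SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_DISK_ENUM = "Maps connected drives based on registry"

# Hive prefixes as written by different log sources, stripped before matching.
_HIVE_PREFIXES = (
    "\\registry\\machine\\", "\\registry\\user\\",
    "hkey_local_machine\\", "hkey_current_user\\", "hkey_users\\",
    "hklm\\", "hkcu\\", "hku\\",
)
_SID_RE = re.compile(r"^s-1-5-[\d-]+\\")
# Constructed, simplified log format: op pid image target [details].
_LINE_RE = re.compile(
    r'^(?P<op>SetValue|QueryValue|DeleteValue)\s+pid=(?P<pid>\d+)\s+'
    r'image="(?P<image>[^"]*)"\s+target="(?P<target>[^"]*)"'
    r'(?:\s+details="(?P<details>[^"]*)")?\s*$'
)

@dataclass(frozen=True)
class RegEvent:
    op: str
    pid: int
    image: str
    target: str
    details: str

@dataclass(frozen=True)
class Finding:
    signature: str
    pid: int
    image: str
    target: str

def normalize_key(target: str) -> str:
    """Lower-case a registry path and strip the hive (and any HKU SID) prefix."""
    key = target.lower().replace("/", "\\")
    for prefix in _HIVE_PREFIXES:
        if key.startswith(prefix):
            key = key[len(prefix):]
            break
    return _SID_RE.sub("", key)

def parse_line(line: str):
    """Return a RegEvent for a well-formed line, None otherwise."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return RegEvent(m["op"], int(m["pid"]), m["image"], m["target"], m["details"] or "")

def _under(key: str, base: str) -> bool:
    return key == base or key.startswith(base + "\\")

def classify(ev: RegEvent):
    """Map one registry event to zero or more of the report's signature names."""
    key = normalize_key(ev.target)
    sigs = []
    # Persistence: any value written under the policy Run key.
    if ev.op == "SetValue" and _under(key, POLICY_RUN_KEY):
        sigs.append(SIG_POLICY_RUN)
    # Environment check: reading the disk enumeration key (values such as 0, Count).
    if ev.op == "QueryValue" and _under(key, DISK_ENUM_KEY):
        sigs.append(SIG_DISK_ENUM)
    return sigs

def scan(lines):
    """Run every line through the classifier and collect findings."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for sig in classify(ev):
            findings.append(Finding(sig, ev.pid, ev.image, ev.target))
    return findings

def processes_matching_both(findings):
    """PIDs that both persisted via the policy Run key and enumerated disks."""
    by_pid = {}
    for f in findings:
        by_pid.setdefault(f.pid, set()).add(f.signature)
    return {pid for pid, sigs in by_pid.items() if {SIG_POLICY_RUN, SIG_DISK_ENUM} <= sigs}

# Constructed sample lines (not taken from the sandbox report).
SAMPLE_LOG = r"""
SetValue pid=1337 image="C:\Users\user\AppData\Local\Temp\sample.exe" target="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\3a9f" details="C:\ProgramData\msupdate.exe"
QueryValue pid=1337 image="C:\Users\user\AppData\Local\Temp\sample.exe" target="\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"
QueryValue pid=1337 image="C:\Users\user\AppData\Local\Temp\sample.exe" target="HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\Count"
SetValue pid=812 image="C:\Windows\explorer.exe" target="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" details="1"
QueryValue pid=2048 image="C:\Windows\System32\wbem\WmiPrvSE.exe" target="HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\Count"
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.signature:45s} pid={f.pid} {f.target}")
    print("both signatures:", processes_matching_both(found))
```

The disk-enumeration read on its own is noisy (legitimate system components query it too, as the WmiPrvSE line shows), so the combination with a write to the policy Run key by the same process is what is worth alerting on.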

MITRE ATT&CK Enterprise v15

Tasks