General

  • Target

    bf60f5b5c901bab08484838447f1b85e_JaffaCakes118

  • Size

    64KB

  • Sample

    240824-zlvssszgrj

  • MD5

    bf60f5b5c901bab08484838447f1b85e

  • SHA1

    d59a349ead00876fbbebb08ea80420125b7a02f3

  • SHA256

    fb4321c5c081ab551339ea9b2e491eea56543a02812d43ecd7803f37e14b117f

  • SHA512

    2d24c55e6ef17ddfa62ab24942c59d73987dcdeb34d2276bf19c634d657c3572fec0249117a6b9a10727ce1937c64996c0b7a4c83eb27eac3c460d7d683ea5da

  • SSDEEP

    1536:KERZOl+e4pCXnUt23lzjzr8JuJCXqPra6:3CLnUt2Z8fqPG6

Malware Config

Targets

    • Target

      bf60f5b5c901bab08484838447f1b85e_JaffaCakes118

    • Size

      64KB

    • MD5

      bf60f5b5c901bab08484838447f1b85e

    • SHA1

      d59a349ead00876fbbebb08ea80420125b7a02f3

    • SHA256

      fb4321c5c081ab551339ea9b2e491eea56543a02812d43ecd7803f37e14b117f

    • SHA512

      2d24c55e6ef17ddfa62ab24942c59d73987dcdeb34d2276bf19c634d657c3572fec0249117a6b9a10727ce1937c64996c0b7a4c83eb27eac3c460d7d683ea5da

    • SSDEEP

      1536:KERZOl+e4pCXnUt23lzjzr8JuJCXqPra6:3CLnUt2Z8fqPG6

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is used primarily as a loader to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Drive and disk information is commonly read to fingerprint the host and to detect sandbox or virtual-machine environments before the payload runs.
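The three behavioural signatures above (policy Run key persistence, self-deletion, drive enumeration via the registry) are the kind of thing a triage script can confirm from the sandbox's process and registry trace. The following is an added example, not code from the sandbox or from this report: it runs a small set of rules over constructed Sysmon-style events and attributes each hit to the sample. The registry paths used (`...\Policies\Explorer\Run` and `HKLM\SYSTEM\MountedDevices`), the sample path `C:\Users\victim\sample.exe`, and the event records are assumptions for illustration; the page names the behaviours, not the exact keys.

```python
"""Triage rules for the behaviours flagged in the report, run over constructed
sandbox events. Example code, not the sandbox's own signatures."""
import re

# Assumed key paths: the page lists the behaviours, not the keys involved.
# Policy Run key used for persistence (HKCU or HKLM variant).
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run(\\|$)",
    re.I,
)
# Registry key that lists volumes/drives the system has seen.
MOUNTED_DEVICES_RE = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\MountedDevices(\\|$)", re.I
)
# "del [/flags] <path>" at the end of a cmd.exe command line.
DEL_CMD_RE = re.compile(r'\bdel\b\s+(?:/\w\s+)*"?([^"]+?)"?\s*$', re.I)


def _same_path(a, b):
    """Case-insensitive Windows path comparison."""
    return a.replace("/", "\\").lower() == b.replace("/", "\\").lower()


def triage(events, sample_image):
    """Return (signature, evidence) tuples for events attributable to the sample.

    Events are dicts with a 'type' of reg_set, reg_query, file_delete or
    proc_create, plus 'image', 'target', 'data', 'cmdline', 'parent_image'
    as applicable (constructed Sysmon-like schema, an assumption).
    """
    hits = []
    for ev in events:
        by_sample = _same_path(ev.get("image", ""), sample_image)
        t = ev["type"]
        if t == "reg_set" and by_sample and POLICY_RUN_RE.search(ev["target"]):
            hits.append(("adds_policy_run_key", f'{ev["target"]} = {ev.get("data")}'))
        elif t == "reg_query" and by_sample and MOUNTED_DEVICES_RE.search(ev["target"]):
            # Reads by explorer.exe or other system components are normal;
            # only a read by the sample itself is evidence.
            hits.append(("maps_drives_from_registry", ev["target"]))
        elif t == "file_delete" and by_sample and _same_path(ev["target"], sample_image):
            hits.append(("deletes_itself", ev["target"]))
        elif t == "proc_create" and _same_path(ev.get("parent_image", ""), sample_image):
            # Self-deletion delegated to a child cmd.exe: "del <own image path>".
            m = DEL_CMD_RE.search(ev.get("cmdline", ""))
            if m and _same_path(m.group(1), sample_image):
                hits.append(("deletes_itself", ev["cmdline"]))
    return hits


# Constructed sample trace (not from the report); paths are assumptions.
SAMPLE_IMAGE = r"C:\Users\victim\sample.exe"
SAMPLE_EVENTS = [
    {"type": "reg_set", "image": SAMPLE_IMAGE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\12345",
     "data": r"C:\ProgramData\Local Settings\Temp\msxyz.exe"},
    {"type": "reg_query", "image": SAMPLE_IMAGE,
     "target": r"HKLM\SYSTEM\MountedDevices"},
    # Benign: explorer.exe reads the same key routinely.
    {"type": "reg_query", "image": r"C:\Windows\explorer.exe",
     "target": r"HKLM\SYSTEM\MountedDevices"},
    # Benign: an installer writing the ordinary (non-policy) Run key.
    {"type": "reg_set", "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Program Files\Updater\updater.exe"},
    {"type": "file_delete", "image": SAMPLE_IMAGE,
     "target": r"C:\Users\victim\AppData\Local\Temp\tmp1.dat"},
    {"type": "proc_create", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": SAMPLE_IMAGE,
     "cmdline": r'cmd.exe /c del "C:\Users\victim\sample.exe"'},
]


def signature_names(events=SAMPLE_EVENTS, sample_image=SAMPLE_IMAGE):
    """Sorted, de-duplicated signature names triggered by the trace."""
    return sorted({name for name, _ in triage(events, sample_image)})


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS, SAMPLE_IMAGE):
        print(f"{name}: {evidence}")
```

Scoping every rule to the sample's own image (or its direct child for the `cmd /c del` case) is what keeps the MountedDevices rule usable: that key is read constantly by legitimate shell and storage components, so the read is only interesting when the process doing it is the one under analysis.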

MITRE ATT&CK Enterprise v15

Tasks