General

  • Target

    da42bfefbb746470a72686594134c4f0N.exe

  • Size

    88KB

  • Sample

    240825-fpclvaxenr

  • MD5

    da42bfefbb746470a72686594134c4f0

  • SHA1

    81689318e37af3689a48395312519103c3a5b297

  • SHA256

    284251db61d9c4dc8a190b0b446daafcfbc727fc917308b4d6d49d398adebf4a

  • SHA512

    521c850a64cd7e9d18650419f22301f61fd7ca2e1b54b1e4553b54deb10951ee45313af688612edcefb17ee21cfb434aa034b2821313f7664b0d363046d50f25

  • SSDEEP

    1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEY:6D0ctAVA/bmxIMnoKjyR/NY

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read to detect sandbox environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15