General

  • Target

    c11bf6403026310b583c178db799ed61_JaffaCakes118

  • Size

    13KB

  • Sample

    240825-tnelpssfpf

  • MD5

    c11bf6403026310b583c178db799ed61

  • SHA1

    15bb64141a2952896a9877e6273b3f280977fda8

  • SHA256

    222d13c674864794787779547eec0df78bf0b2eb0bce58f7500140ff687c9880

  • SHA512

    99e42f0e71dc6695437d93796df32d9ccb2e56f68ca149b5301537c5b911822f3ccf7d87ac17b4eb91a35dfbcde16927f6e1d4fc56f01c91e953136735e2cbfc

  • SSDEEP

    192:lyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:o04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks