General

  • Target

    c15d281d583f918948019b7adf854c3b_JaffaCakes118

  • Size

    85KB

  • Sample

    240825-xjx42a1bnp

  • MD5

    c15d281d583f918948019b7adf854c3b

  • SHA1

    1d8b23bbbd53fa3d543c97cd3d60e8d5d4bbe1c5

  • SHA256

    4ea7281cc8151dce56294dc81800d3084d255cf21aefb00fe2133a71a19600a5

  • SHA512

    477e669eecad4bbed45cfeba97e8ffe7f482516287f8bcc943a9c9386a72dd4ddbec4204e69d4a31aad1af589231008c344fea09930e89f98be47cae554aa59c

  • SSDEEP

    1536:WmUnOjOfIknhSRlfmclehkyDdN2u21xiCXi55zv62:WbnOjmhSTZ4iyhku21gbHe

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks