General

  • Target

    c1ef56cc78d5178d3c655e9cd8a7f811_JaffaCakes118

  • Size

    13KB

  • Sample

    240826-a2k6vswgqj

  • MD5

    c1ef56cc78d5178d3c655e9cd8a7f811

  • SHA1

    83b374e767c1aae8126b1c61551903ccef128283

  • SHA256

    918ac67b6307be0cc649387481107844b4549363109d469c5e39197be29319ea

  • SHA512

    315dd3b934bf7da47e0d47ffc0e853e8f95340bbde3493d19fec99d1ff0ebb9957e4562d26d58309403f30c025e442672bcd7ef473fff0393d9ba22612a3a3c3

  • SSDEEP

    384:b0mdfzQMfTq8cPfxUJ/MOg0U7FrSGs3JqkBIPU2zy0:5LQMrS3ZSB3JJIR+0

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used for distributing other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks