General

  • Target

    c1ef9e3c1c91a11589eeb85e95c3a5f9_JaffaCakes118

  • Size

    13KB

  • Sample

    240826-a2r96swgqp

  • MD5

    c1ef9e3c1c91a11589eeb85e95c3a5f9

  • SHA1

    df7cf6086c6f639621fd99b3b5f39d74666c2f4f

  • SHA256

    d43ea0a72bfa7996b07d60d536697826ece3ac1f3d1fd0a92f6ec382df085d00

  • SHA512

    db09f21e76b93a9a489d505fe9266f1a385e10ef7ea601e9543088d1e185f58c0e586f842f7c1548ffcd1b09d4cb2f22e6fa3d2caba9c3ee2066ac50bfcb80db

  • SSDEEP

    384:mLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:jSagh0Qu1UkKE7AF

Targets

    • Target

      c1ef9e3c1c91a11589eeb85e95c3a5f9_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15