General

  • Target

    fbbdb02b5d2763274feddde6ae15b400N

  • Size

    88KB

  • Sample

    240826-bvaxzsyfjp

  • MD5

    fbbdb02b5d2763274feddde6ae15b400

  • SHA1

    f49d5b97e1baa9fdaf1001648dd4b1eb2ca567f5

  • SHA256

    ad03a7b398a1f131dc9e28acdf6513be02dabb2f191647fc0e41aa58dd18937e

  • SHA512

    f552a8258f1a50c9c1fa97609a155401580d2d7f58810e758f40f953b4886bff22394a14d4d61eace301783c8aaa5c33c113bb7d0806317944b7cdf2d94a6984

  • SSDEEP

    1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yER:6D0ctAVA/bmxIMnoKjyR/NR

Malware Config

Targets

    • Target

      fbbdb02b5d2763274feddde6ae15b400N

    • Size

      88KB

    • MD5

      fbbdb02b5d2763274feddde6ae15b400

    • SHA1

      f49d5b97e1baa9fdaf1001648dd4b1eb2ca567f5

    • SHA256

      ad03a7b398a1f131dc9e28acdf6513be02dabb2f191647fc0e41aa58dd18937e

    • SHA512

      f552a8258f1a50c9c1fa97609a155401580d2d7f58810e758f40f953b4886bff22394a14d4d61eace301783c8aaa5c33c113bb7d0806317944b7cdf2d94a6984

    • SSDEEP

      1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yER:6D0ctAVA/bmxIMnoKjyR/NR

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks