General

  • Target

    c5e27b41da3a34de8337f93a0bbd93a5_JaffaCakes118

  • Size

    14KB

  • Sample

    240827-2sl6caxcrq

  • MD5

    c5e27b41da3a34de8337f93a0bbd93a5

  • SHA1

    d5cd044abf022f85eb0d7a8c6cb041d8d6d6084d

  • SHA256

    dc847a5589226f18ef694836af8c8f7b52d08e7096e8358220e66647833ed28c

  • SHA512

    6b09376e183d25cbb3be59feea7398a8dceaf6b497fcfd9cfade7412988d10f9af9035b43f1b7b7cee3bc7035795614599500211e5e3e41e4a52697a1b4ca285

  • SSDEEP

    384:c04Vfdj9JT9uxRgZGz0glhPuDWWx3fT3bE:ydfTIvWo

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks