General

  • Target

    c4ba89e37b9f670c66979762faf0a6f2_JaffaCakes118

  • Size

    86KB

  • Sample

    240827-lfc4xatflh

  • MD5

    c4ba89e37b9f670c66979762faf0a6f2

  • SHA1

    362825697298a53813a8472503617c5d8693faef

  • SHA256

    683f5edb11751b9f5ba161d7a6313bace2f6b504388ccad6b3d145ac6b779c99

  • SHA512

    9a7ef024e485f1ce6d45ab2f4ed7a60f3000856d5d2e70086866b9d168bb1cfcc115ec59da5b91f4513a087f840de52564845c81019e7283340f8a741b235e4b

  • SSDEEP

    1536:mVAIIeDcZJX9nSYVPPdYyYVWuTtelfmclehkyGlLfpL6pD4D7Lxr:r+DSxdYy4WuTtGZ4iyALfpLG4tr

Malware Config

Targets

    • Target

      c4ba89e37b9f670c66979762faf0a6f2_JaffaCakes118

    • Size

      86KB

    • MD5

      c4ba89e37b9f670c66979762faf0a6f2

    • SHA1

      362825697298a53813a8472503617c5d8693faef

    • SHA256

      683f5edb11751b9f5ba161d7a6313bace2f6b504388ccad6b3d145ac6b779c99

    • SHA512

      9a7ef024e485f1ce6d45ab2f4ed7a60f3000856d5d2e70086866b9d168bb1cfcc115ec59da5b91f4513a087f840de52564845c81019e7283340f8a741b235e4b

    • SSDEEP

      1536:mVAIIeDcZJX9nSYVPPdYyYVWuTtelfmclehkyGlLfpL6pD4D7Lxr:r+DSxdYy4WuTtGZ4iyALfpLG4tr

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks