General

  • Target

    bbdf3e2b36371cefd0f69912f09f8ee0N.exe

  • Size

    284KB

  • Sample

    240827-pajlaazcqc

  • MD5

    bbdf3e2b36371cefd0f69912f09f8ee0

  • SHA1

    10e6a8fbb236e3713ec00f047160e91d0911edca

  • SHA256

    8ac34b41109839d7df80a6dd020fe4f61284344f279b476ef5157a7c731049e5

  • SHA512

    fa4b0fedf856cf7179d803a04e6ee1b274ec8d641d7bc3883c36112b96981f0661c33d7e7b28d89acbaa0e7cec82916aaf2f79e7883cdc83aa51e8b73d43a326

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Malware Config

Targets

    • Target

      bbdf3e2b36371cefd0f69912f09f8ee0N.exe

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Writes an autostart value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, which Explorer honours at logon like the ordinary Run key but which is checked less routinely.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk and drive information is often read to detect sandbox environments.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and similar injection, where the main thread of a suspended process is redirected into injected code.
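The UPX signature above is a static check, so it can be reproduced before the sample is ever run. The following is an added example, not the sandbox's own signature logic: a dependency-free reader of the PE section table that applies the same heuristic (UPX-named sections, or the "UPX!" marker the packer leaves in the image) and confirms a file's digests against the hashes listed in this report. The skeletal PE produced by build_minimal_pe is constructed test input; a real run reads the sample from disk.

```python
from __future__ import annotations

import hashlib
import struct
import sys

# Hashes copied from the report above; used to confirm the file on disk is the
# sample this report describes before any conclusion is carried over to it.
REPORT_HASHES = {
    "md5": "bbdf3e2b36371cefd0f69912f09f8ee0",
    "sha1": "10e6a8fbb236e3713ec00f047160e91d0911edca",
    "sha256": "8ac34b41109839d7df80a6dd020fe4f61284344f279b476ef5157a7c731049e5",
}


def hashes_match_report(data: bytes) -> dict[str, bool]:
    """Per-algorithm comparison of the file's digests against REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest() == REPORT_HASHES["md5"],
        "sha1": hashlib.sha1(data).hexdigest() == REPORT_HASHES["sha1"],
        "sha256": hashlib.sha256(data).hexdigest() == REPORT_HASHES["sha256"],
    }


def section_names(data: bytes) -> list[str]:
    """Return the section names from a PE image's section table.

    Anything that is not a well-formed PE header raises ValueError, so a
    truncated or non-PE file is reported instead of silently passing as clean.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24:  # "PE\0\0" plus the 20-byte IMAGE_FILE_HEADER
        raise ValueError("PE header truncated")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER follows the signature
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]  # 40-byte IMAGE_SECTION_HEADER, Name first
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX heuristic: UPX-named sections, or the "UPX!" marker in the image.

    A modified UPX build that renames its sections defeats the first check,
    which is why the marker is tested too; a build that also strips the marker
    needs entropy or unpacker-stub analysis instead.
    """
    names = section_names(data)
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def build_minimal_pe(names: list[str]) -> bytes:
    """Constructed test input: a skeletal PE32 with only headers and a section
    table carrying the given names. It is not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew: PE header right after DOS header
    size_of_optional = 0xE0  # sizeof(IMAGE_OPTIONAL_HEADER32)
    file_header = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytes(size_of_optional)  # zeroed; section_names never reads it
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + file_header + optional + sections


if __name__ == "__main__":
    # Pass the sample path as the first argument; otherwise run on constructed input.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print("hashes match report:", hashes_match_report(blob))
    print("sections:", section_names(blob))
    print("UPX heuristic:", looks_upx_packed(blob))
```

Run it as `python triage.py bbdf3e2b36371cefd0f69912f09f8ee0N.exe` on the real file; a mismatch in hashes_match_report means the report's behaviour list applies to a different file than the one being examined.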
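Two of the signatures above (the ordinary Run key and the policy Run key) are registry writes, which is the kind of thing host telemetry records. The following is an added example, not part of the report: detection logic over Sysmon Event ID 13 (RegistryEvent, value set) records that picks out writes to either autostart location and marks those whose writer or target command lives in a user-writable directory. The events in SAMPLE_EVENTS are constructed in Sysmon's field layout, not captured from this sample, and the user-writable path list is an assumed heuristic to be tuned per estate. Note that Sysmon logs value writes, not reads, so the country-code lookup and the drive enumeration listed above would not appear in this event stream and need API-level tracing in a sandbox instead.

```python
from __future__ import annotations

import re

# The two autostart locations the report's signatures refer to. The policy
# variant under Policies\Explorer\Run is honoured at logon like the ordinary
# Run key but is checked less routinely. RunOnce is deliberately excluded:
# "Run\" must directly follow CurrentVersion\ or Policies\Explorer\.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?P<policy>Policies\\Explorer\\)?Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Locations a legitimate autostart command rarely lives in. Assumed heuristic;
# tune it for the environment rather than treating it as ground truth.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)


def flag_run_key_events(events: list[dict]) -> list[dict]:
    """Return one alert per Sysmon Event ID 13 record that sets a Run or
    policy Run value, marking it suspicious when the writing process or the
    command it registers sits in a user-writable directory."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        image = ev.get("Image", "")
        details = ev.get("Details", "")
        alerts.append({
            "kind": "policy_run" if m.group("policy") else "run",
            "value_name": m.group("value"),
            "image": image,
            "details": details,
            "suspicious": bool(USER_WRITABLE_RE.search(image) or USER_WRITABLE_RE.search(details)),
        })
    return alerts


# Constructed events in Sysmon's field layout; not captured from this sample.
SAMPLE_EVENTS = [
    {   # policy Run value written by a binary running out of Temp
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinUpdate",
        "Details": r"C:\ProgramData\Local Settings\Temp\mswinupd.exe",
    },
    {   # ordinary Run value written by a vendor updater under Program Files
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\Updater.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
        "Details": r"C:\Program Files\Vendor\Updater.exe /background",
    },
    {   # RunOnce is out of scope for this rule
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup",
        "Details": r"C:\Windows\System32\cmd.exe /c del C:\Windows\Temp\setup.log",
    },
    {   # process creation, not a registry write
        "EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
    },
]


if __name__ == "__main__":
    for alert in flag_run_key_events(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if alert["suspicious"] else "ok"
        print(f"[{flag}] {alert['kind']} value {alert['value_name']!r} set by {alert['image']} -> {alert['details']}")
```

The rule keys on the value path rather than on the writing process, so a legitimate installer that registers itself is still reported, just not marked suspicious; that is deliberate, since the Run key write is the fact worth keeping and the path heuristic is only a triage aid.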

MITRE ATT&CK Enterprise v15

Tasks