General

  • Target

    c7b28435ea73ca06b3154f32fb513ef8_JaffaCakes118

  • Size

    24KB

  • Sample

    240828-1k9q1axeqg

  • MD5

    c7b28435ea73ca06b3154f32fb513ef8

  • SHA1

    fc4527519915da6006c4d7f44fba4fbc01aedbf4

  • SHA256

    41e11c8bae6f51346da84349ca797f7d91c7ecf0f4e891186d5825d2c6996321

  • SHA512

    98a3ec33b0e6c6962efcbc615f4c8d9e8a3272b84535391aec2571aa0388fce3a886ec317b2d93cdc33e339f5f9130f4a413559d9f719f6f98c61c9fa92fd84b

  • SSDEEP

    384:T/ve65d3na6o8O5Iq6TPUksMkJf4xMXcqQIdWui4GGxGiPXi0kJYg5bnwnf8k0PQ:zd8g+Mq5tY4kegZn+Ejs

Malware Config

Targets

    • Target

      Picture20-JPG.scr

    • Size

      39KB

    • MD5

      a071609653f78272ecea87819d48a081

    • SHA1

      8fa0a50dee94d52fbde27b47803f748bf4ee2666

    • SHA256

      7062694caf4bf29b51393428d26ff4ddc00fc9ea7f2980a71ceb51f8c1fb2de8

    • SHA512

      1cc89e050a7a277bffd8ae3f93f36860ac67c0e84656bb6146aa6de97ab13ca6199c574ae7b88288c2aacd6d171c178dcc1ad11781748c1694b0da4650152d80

    • SSDEEP

      768:wBcfatSaOLS1rSc4+pzdCkYCJbiU32Vkj/EV399X8D:wuSkStSV+FdCVsBtcX8D

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily as a loader to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application (persistence: a value under the Policies\Explorer\Run registry key is launched at logon in the same way as an ordinary Run key entry)

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
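The three behaviours listed above (policy Run key persistence, self-deletion, and reading drive mappings from the registry) can be matched mechanically against a sandbox event trace. The following is an added example written for this page, not code from the sandbox or from the report; the event format, the field names, the sample path, the specific drive-mapping registry keys it looks for, and the sample events themselves are constructed assumptions, and only the file name Picture20-JPG.scr comes from the report.

```python
"""Added example: flag the report's three behaviours in a constructed event trace."""
import re
from dataclasses import dataclass

# Path of the sample inside the sandbox (constructed; only the file name is from the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\Picture20-JPG.scr"

# Policies\Explorer\Run is the persistence location the report's signature refers to.
POLICY_RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run(\\|$)",
    re.IGNORECASE,
)
# Which keys a sandbox counts as "mapping connected drives" is an assumption here.
DRIVE_MAP_KEYS = re.compile(
    r"\\SYSTEM\\MountedDevices|\\Explorer\\MountPoints2|\\Services\\Disk\\Enum",
    re.IGNORECASE,
)

# Mapping of the three signatures to ATT&CK technique IDs (my mapping, not the report's).
ATTACK_IDS = {
    "policy_run_key": "T1547.001",  # Registry Run Keys / Startup Folder
    "deletes_itself": "T1070.004",  # Indicator Removal: File Deletion
    "maps_drives": "T1497.001",     # Virtualization/Sandbox Evasion: System Checks
}


@dataclass
class Event:
    """One behavioural event in the assumed trace format."""
    pid: int
    image: str   # image path of the acting process
    op: str      # RegSetValue, RegQueryValue, RegOpenKey, FileDelete, ProcessCreate
    target: str  # registry path, file path, or child command line


# Constructed events, not the report's own trace. The third one is an ordinary
# Run key write and must not be reported as a policy Run key.
SAMPLE_EVENTS = [
    Event(1234, SAMPLE_PATH, "RegQueryValue",
          r"HKLM\SYSTEM\MountedDevices\\DosDevices\C:"),
    Event(1234, SAMPLE_PATH, "RegSetValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Picture20"),
    Event(1234, SAMPLE_PATH, "RegSetValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Picture20"),
    Event(1234, SAMPLE_PATH, "ProcessCreate",
          f'cmd.exe /c del "{SAMPLE_PATH}"'),
    Event(4321, r"C:\Windows\System32\cmd.exe", "FileDelete", SAMPLE_PATH),
]


def triage(events, sample_path=SAMPLE_PATH):
    """Return the matched behaviours keyed by the report's signature names."""
    hits = {"policy_run_key": [], "deletes_itself": [], "maps_drives": []}
    sp = sample_path.lower()
    for e in events:
        tgt = e.target.lower()
        if e.op == "RegSetValue" and POLICY_RUN_KEY.search(e.target):
            hits["policy_run_key"].append(e.target)
        elif e.op in ("RegOpenKey", "RegQueryValue", "RegEnumKey") and DRIVE_MAP_KEYS.search(e.target):
            hits["maps_drives"].append(e.target)
        elif e.op == "FileDelete" and tgt == sp:
            # Direct deletion of the sample's own image by any process.
            hits["deletes_itself"].append(f"pid {e.pid} deleted {e.target}")
        elif e.op == "ProcessCreate" and e.image.lower() == sp and " del " in tgt and sp in tgt:
            # The sample spawning a shell that deletes the sample's own path.
            hits["deletes_itself"].append(f"pid {e.pid} spawned: {e.target}")
    return hits


def techniques(hits):
    """ATT&CK IDs for every signature that fired, in a stable order."""
    return sorted(ATTACK_IDS[name] for name, found in hits.items() if found)


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for name, found in result.items():
        print(f"{name} ({ATTACK_IDS[name]}): {len(found)} hit(s)")
        for line in found:
            print("   ", line)
```

The ordinary Run key write in the sample events is deliberately left unmatched: the signature on the report is specific to the policy key, and a detection that collapses the two would over-report on benign software.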

MITRE ATT&CK Enterprise v15