General

  • Target

    c780dc7f6bc08f29480be0a535f2e5bb_JaffaCakes118

  • Size

    13KB

  • Sample

    240828-x6c3dasbjh

  • MD5

    c780dc7f6bc08f29480be0a535f2e5bb

  • SHA1

    89bfa4c8a6d5552b57263d8965d74b302df8b92e

  • SHA256

    4339d0d1077329a093a56ca9588d133fd397e0794816dacd582cc34a56c246ee

  • SHA512

    4ecf6ddd75f45690a9dfdaa62b72350c63f7d9fa04861e92331b6d7aee8e7d7542bcb4e5f3e72126995e7f173ff3412e9f85ec566fc2946057c4d380e499e1e2

  • SSDEEP

    384:ZwLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:XSagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware family written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks