General

  • Target

    c79e7d25aae7bb3ea2bc3eee1b5d17a6_JaffaCakes118

  • Size

    13KB

  • Sample

    240828-zjznzaxbmj

  • MD5

    c79e7d25aae7bb3ea2bc3eee1b5d17a6

  • SHA1

    8be88f66e9227fac25f9e16fc49b89011ad908eb

  • SHA256

    b1333b629573406bc2b102e64899fc993d79b2c67ea75b4a3efff23d8e2acc1e

  • SHA512

    2b730ca39c769e5d7795c633f940acf71c059eb9e9288405c48a8f11f2a940d8e16e8a17392eda53d0af90f8dae29ec7229a3bf1649c5799ee23d484a650d480

  • SSDEEP

    384:7LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:oSagh0Qu1UkKE7AF

Malware Config

Targets

    • Target

      c79e7d25aae7bb3ea2bc3eee1b5d17a6_JaffaCakes118


    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks