General

  • Target

    c7ff9151610278eda787a9a2e96358ae_JaffaCakes118

  • Size

    13KB

  • Sample

    240829-bwpgrsxamf

  • MD5

    c7ff9151610278eda787a9a2e96358ae

  • SHA1

    b0fa605440b1a8755db8fa11626d4a34e06f15e1

  • SHA256

    09ce614f5c066f30148bb2d9beb6ab34dc42679bd40ec83aa5ec642fafc30d7e

  • SHA512

    1cdcd752196a7367dcba56d530f3f024c123468827b8a33baabe24965fee5bfba9a959f6755640a6b976127e58222b4e2f7db3eb0db0c3ca0c23a5f94141c32f

  • SSDEEP

    384:XgLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:hSagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
