General

  • Target

    cb25a65c272d41a5cb0c040c7de094d0_JaffaCakes118

  • Size

    13KB

  • Sample

    240830-s83nlasard

  • MD5

    cb25a65c272d41a5cb0c040c7de094d0

  • SHA1

    74e0284ed506503dab57c5b39fc02a3af31993f2

  • SHA256

    c4c15502881f76eb0ff75c96fc2d4c7e3d49971d25a83ba38597a2e73246b566

  • SHA512

    fceb4806b0a3b037d7f8658e5275a52a9376545e9b0e83f7da7f38988e51e95a261c8b1c897187c30475955c166f671694b66c2d4fd29e24a1421b7b0e070ba8

  • SSDEEP

    384:ELOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FYN:1Sagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks