General

  • Target

    cdb1f1fa5829fbc77edf545bb2b23999_JaffaCakes118

  • Size

    13KB

  • Sample

    240831-15w1msybpk

  • MD5

    cdb1f1fa5829fbc77edf545bb2b23999

  • SHA1

    bdef718775a776d425f6bec7fd7efa25a307e01f

  • SHA256

    12a421b983165144c7b2986a50acbb7e11898e7d4f59961522423f7fd0a4cd70

  • SHA512

    616219318736c9aa536d6e6c0cd4977a3b89345feb60a325fe6954e7407d7254e0798b90d6729ba5088fc29531779d3a36309cd9490c862eedcff4c271c32edc

  • SSDEEP

    384:9LOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:uSagh0Qu1UkKE7AF

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15