General

  • Target

    cc5d8b4eb46b9ca87136aa09ea0ca6ba_JaffaCakes118

  • Size

    14KB

  • Sample

    240831-hbx2qszgmp

  • MD5

    cc5d8b4eb46b9ca87136aa09ea0ca6ba

  • SHA1

    37fb84cdf0e2264758f0a0c66db9fec31e14cca3

  • SHA256

    3270e50dae269a9b2e4d06bc7cbedd64aa040dfa606f76cb189200601585990b

  • SHA512

    3ef2cc2826ca4a2109675b8dad19ef38b7b234d3e7785492a42dee804d26b0344dda63b7c80b0e1cf8876a8c0d5e2051b66292fd7925a8d1f3448ece9bc9f6eb

  • SSDEEP

    384:t04Vfdj9JT9uxRgZGz0glhPuDWWx3f9vX:ldfTIvOvX

Malware Config

Targets

    • Target

      cc5d8b4eb46b9ca87136aa09ea0ca6ba_JaffaCakes118


    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily as a loader for distributing other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
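The persistence signature above refers to the Explorer\Run policy key, which is processed at logon like the ordinary Run key but is audited far less often. The following detection logic is an added example, not part of the sandbox report or of the sample's behaviour: it scans Sysmon Event ID 13 (registry value set) records for values written under that key in either the HKLM or a per-user HKU hive, including the WOW64-redirected path. The event records are constructed for the example and are not telemetry from this sample; the executable and value names in them are placeholders.

```python
import re
from typing import Dict, Iterable, List

# The policy Run key is launched at logon like the ordinary Run key but is
# rarely checked by admins, which is why sandbox signatures such as
# "Adds policy Run key to start application" single it out. Both the native
# and the Wow6432Node-redirected paths are covered, for HKLM and HKU hives.
POLICY_RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Policies\\Explorer\\Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed Sysmon RegistryEvent records used as offline sample input.
# Illustrative only: paths, SIDs and value names are placeholders, not data
# observed from the sample on this page.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Policies\Explorer\Run\svc",
     "Details": r"C:\ProgramData\msivcp.exe"},
    {"EventID": "13", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Vendor\updater.exe /background"},
    {"EventID": "13", "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\Software\Wow6432Node\Microsoft\Windows"
                     r"\CurrentVersion\Policies\Explorer\Run\update",
     "Details": r"C:\ProgramData\msivcp.exe -s"},
    {"EventID": "12", "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "Details": ""},
]


def find_policy_run_persistence(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per registry value set under a policy Run key.

    Only Event ID 13 (value set) carries the launched command in Details;
    bare key creation (Event ID 12) is ignored because it proves nothing
    on its own. The ordinary Run key is deliberately not matched here.
    """
    findings: List[Dict[str, str]] = []
    for ev in events:
        if str(ev.get("EventID")) != "13":
            continue
        m = POLICY_RUN_RE.match(ev.get("TargetObject", ""))
        if not m:
            continue
        findings.append({
            "hive": m.group("hive"),
            "value_name": m.group("value"),
            "command": ev.get("Details", ""),
            "writer": ev.get("Image", ""),
        })
    return findings


if __name__ == "__main__":
    for f in find_policy_run_persistence(SAMPLE_EVENTS):
        print(f"[{f['hive']}] {f['value_name']} -> {f['command']} (written by {f['writer']})")
```

On a live host the same check can be run against exported Sysmon events, or the key can be inspected directly with `reg query` on both hives; an entry pointing into ProgramData, AppData or Temp is the usual sign of loader persistence of this kind.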

MITRE ATT&CK Enterprise v15

Tasks