General

  • Target

    ccfee9b6d0f7751356ebe26987c2467a_JaffaCakes118

  • Size

    13KB

  • Sample

    240831-r2bqvsyeja

  • MD5

    ccfee9b6d0f7751356ebe26987c2467a

  • SHA1

    ce9da6687de8889c58478edea203edae722e75d8

  • SHA256

    46e17503c606aa4e3e5d4e0ec8b94d62d76e01546e3a1d5b72c1e1c94f9a0b32

  • SHA512

    5a43a71c10f436a4d4b8274b3804b8083578a10e4d0c63811d0c32f6e93aeebe957605f6a4cf19bdfd07412a46bad3054c36c1b7dab590a30dc8dff479c900a1

  • SSDEEP

    384:ULOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FYk:lSagh0Qu1UkKE7AFl

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks