General

  • Target

    2bfc823922528e0c2d6706c39c3a9770fdd1285cd15c648e026105aad62cf8a4

  • Size

    167KB

  • Sample

    240903-yrl76svhrq

  • MD5

    05aefe863da3a8626571e1fbe0624b0c

  • SHA1

    f70b86c34bfb5e56131f5fa9831f256038845828

  • SHA256

    2bfc823922528e0c2d6706c39c3a9770fdd1285cd15c648e026105aad62cf8a4

  • SHA512

    208c5171f376d52a80e3b1ec5b5b29e73d38219d720d18554771fbdcbb52bc00376def17e000a6e85aeef209c912503e2c3e5900477f53c6834dfbebb3aa820a

  • SSDEEP

    3072:2++TFnoWTTYBB1hHgN1AnqqfdaWrB3taW:VuFyBDhHgPAnNlaW

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware family written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks