General

  • Target

    fc00b22cba73518d8307e0302ba9f360N.exe

  • Size

    284KB

  • Sample

    240905-t9sqfsvenj

  • MD5

    fc00b22cba73518d8307e0302ba9f360

  • SHA1

    03ddc26ecf6daf22073e723784e6d71e144daa55

  • SHA256

    596f30efc4fd623a922f465c932895b9cd50b882e4319f056cccdc9975bfc1e0

  • SHA512

    96238759fd7fcda1c3d91d49a819102acd88b935c9de9c352db99b2f9da29c315af979dc57e6840f66f534f6c1a1ebbcb71bfad150de0f687da0a417a9b8be2f

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Malware Config

Targets

    • Target

      fc00b22cba73518d8307e0302ba9f360N.exe

    • Size

      284KB

    • MD5

      fc00b22cba73518d8307e0302ba9f360

    • SHA1

      03ddc26ecf6daf22073e723784e6d71e144daa55

    • SHA256

      596f30efc4fd623a922f465c932895b9cd50b882e4319f056cccdc9975bfc1e0

    • SHA512

      96238759fd7fcda1c3d91d49a819102acd88b935c9de9c352db99b2f9da29c315af979dc57e6840f66f534f6c1a1ebbcb71bfad150de0f687da0a417a9b8be2f

    • SSDEEP

      3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks