General

  • Target

    2bcf3b5b3d620b9d0e01fe8ea3470f50N.exe

  • Size

    186KB

  • Sample

    240906-xxdybatclp

  • MD5

    2bcf3b5b3d620b9d0e01fe8ea3470f50

  • SHA1

    c9b50a3118c95ecc901078b36c0236fe240a87d6

  • SHA256

    069a2c1557a7ecf1526cec8733dfcd9fddc0a5a74a9ea738b43b8a906c67bd30

  • SHA512

    3438c21dcd525f44d29afb0f562e1a527a1ca1b01848933c64211bd4953642a9e299d39b3429f5a99c66d5b42d95d5f739962d74730a5dccf926323a4b114081

  • SSDEEP

    1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqYPI4:FW+1oS4l5OeuQdrmwvL8EqkI4

Malware Config

Targets

    • Target

      2bcf3b5b3d620b9d0e01fe8ea3470f50N.exe

    • Size

      186KB

    • MD5

      2bcf3b5b3d620b9d0e01fe8ea3470f50

    • SHA1

      c9b50a3118c95ecc901078b36c0236fe240a87d6

    • SHA256

      069a2c1557a7ecf1526cec8733dfcd9fddc0a5a74a9ea738b43b8a906c67bd30

    • SHA512

      3438c21dcd525f44d29afb0f562e1a527a1ca1b01848933c64211bd4953642a9e299d39b3429f5a99c66d5b42d95d5f739962d74730a5dccf926323a4b114081

    • SSDEEP

      1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqYPI4:FW+1oS4l5OeuQdrmwvL8EqkI4

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

      The unpacked payload matched the sandbox's Andromeda/Gamarue detection rule.

    • Adds policy Run key to start application

      A value was written under the Policies\Explorer\Run registry key, which Explorer processes at logon in the same way as the ordinary Run key; this is a persistence mechanism.

    • Blocklisted process makes network request

      A process whose image name is on the sandbox's blocklist of commonly abused system binaries initiated network traffic.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread of another process, the call process hollowing uses to redirect a suspended process to injected code.
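
The three behavioural signatures above can be reproduced offline over a process trace. The Python below is an added example written for this page, not the sandbox's signature code and nothing from the sample itself: the event schema, the injected host process name (msiexec.exe), the process blocklist, the PIDs, paths and addresses are all constructed assumptions, and only the digests in KNOWN_SAMPLE are copied from the report. It goes a little beyond the bare SetThreadContext signature by requiring the full hollowing chain (suspended child, memory write, SetThreadContext, resume) before flagging.

```python
"""Offline triage for the behaviours this report flags.

Added example for this page, not the sandbox's own signature code. The
event schema, process names, PIDs, paths, addresses and the blocklist are
constructed assumptions; only the digests in KNOWN_SAMPLE come from the report.
"""
import hashlib
import re

# Digests copied from the report above; used to confirm a local file is this sample.
KNOWN_SAMPLE = {
    "md5": "2bcf3b5b3d620b9d0e01fe8ea3470f50",
    "sha1": "c9b50a3118c95ecc901078b36c0236fe240a87d6",
    "sha256": "069a2c1557a7ecf1526cec8733dfcd9fddc0a5a74a9ea738b43b8a906c67bd30",
}

# Illustrative blocklist (assumption) of system binaries that should not originate traffic on their own.
BLOCKLIST = {"msiexec.exe", "regsvr32.exe", "rundll32.exe", "wuauclt.exe"}
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer\\Run$", re.IGNORECASE)
NETWORK_OPS = {"DnsQuery", "Connect", "HttpRequest"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, so a local file can be compared to it."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matches_known_sample(data: bytes) -> bool:
    """True when any of the report's digests equals the corresponding digest of `data`."""
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in KNOWN_SAMPLE.items())


def policy_run_persistence(events):
    """Registry writes under ...\\Policies\\Explorer\\Run, the 'policy Run key'."""
    return [(e["pid"], e["data"]) for e in events
            if e["op"] == "RegSetValue" and POLICY_RUN_RE.search(e["key"])]


def thread_context_hijacks(events):
    """Process-hollowing chain: child created suspended, memory written into it,
    SetThreadContext on it, then resumed. A lone SetThreadContext is not counted."""
    seen = {}  # (parent_pid, child_pid) -> set of stages observed so far
    for e in events:
        if e["op"] == "CreateProcess" and "CREATE_SUSPENDED" in e.get("flags", ""):
            seen[(e["pid"], e["child_pid"])] = {"suspended"}
        elif e["op"] in ("WriteProcessMemory", "SetThreadContext", "ResumeThread"):
            stages = seen.get((e["pid"], e["target_pid"]))
            if stages is not None:  # only count operations on a child we saw created suspended
                stages.add(e["op"])
    required = {"suspended", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}
    return sorted(k for k, stages in seen.items() if required <= stages)


def blocklisted_network(events):
    """Network activity whose originating process name is on the blocklist."""
    return [(e["pid"], e["proc"], e["dest"]) for e in events
            if e["op"] in NETWORK_OPS and e["proc"].lower() in BLOCKLIST]


def triage(events) -> dict:
    """Map each signature name used in the report to the evidence found in the trace."""
    return {
        "Adds policy Run key to start application": policy_run_persistence(events),
        "Suspicious use of SetThreadContext": thread_context_hijacks(events),
        "Blocklisted process makes network request": blocklisted_network(events),
    }


SAMPLE = "2bcf3b5b3d620b9d0e01fe8ea3470f50N.exe"
EVENTS = [  # constructed trace in the shape a sandbox might export; not from the real run
    {"pid": 1204, "proc": SAMPLE, "op": "RegSetValue",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "name": "29631", "data": r"C:\Users\user\AppData\Local\Temp\mscpmfrp.exe"},
    {"pid": 1204, "proc": SAMPLE, "op": "CreateProcess", "child_pid": 2788,
     "image": r"C:\Windows\SysWOW64\msiexec.exe", "flags": "CREATE_SUSPENDED"},
    {"pid": 1204, "proc": SAMPLE, "op": "WriteProcessMemory", "target_pid": 2788},
    {"pid": 1204, "proc": SAMPLE, "op": "SetThreadContext", "target_pid": 2788},
    {"pid": 1204, "proc": SAMPLE, "op": "ResumeThread", "target_pid": 2788},
    {"pid": 2788, "proc": "msiexec.exe", "op": "Connect", "dest": "198.51.100.23:80"},
    # controls: ordinary browser traffic, and SetThreadContext on a never-suspended process
    {"pid": 3012, "proc": "firefox.exe", "op": "HttpRequest", "dest": "example.com:443"},
    {"pid": 3012, "proc": "firefox.exe", "op": "SetThreadContext", "target_pid": 3100},
]

if __name__ == "__main__":
    for signature, hits in triage(EVENTS).items():
        print(f"{signature}: {hits if hits else 'no evidence'}")
    print("local bytes are the reported sample:", matches_known_sample(b"not the sample"))
```

Run as-is and the first three signatures each report one hit from the constructed trace; the two control events show that the hollowing rule keys on the whole suspended-write-context-resume chain rather than on any SetThreadContext call, and that the network rule keys on the originating process name rather than on traffic alone. To check a file against this report, pass its bytes to matches_known_sample.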

MITRE ATT&CK Enterprise v15

Tasks