General

  • Target

    d057eba5efb4cd4e08f2ec6f2f857a5e_JaffaCakes118

  • Size

    64KB

  • Sample

    240906-ym6q1svemq

  • MD5

    d057eba5efb4cd4e08f2ec6f2f857a5e

  • SHA1

    83a0fe355bf515b774dbe46a9c8512674bf0394e

  • SHA256

    4d2c05d9341274e2b2e474438b45c8614e79e4173478e4e646b8fdd5229893fb

  • SHA512

    68eb09bac21f158697bc39fd0ee166fdc630c719ae7d2c8955ba660dd25a4c42abfda89d76d3164dd415420c952e9aa36057b7b81f3d9d6c6b49f6d4a768b3af

  • SSDEEP

    768:EW3QCuYF4uxTBhtLoJFuJED3AnrD0NBHdqyUjmQ48sxbctIlgyh2ZyB7YhwAFv:EW3QZTYftGesjFQ4/ZcYzMZ/wAFv

Malware Config

Targets

    • Target

      d057eba5efb4cd4e08f2ec6f2f857a5e_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is used primarily as a loader to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
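The three behavioural signatures above (policy Run key persistence, self-deletion, registry-based drive enumeration) are reported by name only. The following Python triage helper is an added example, not part of the sandbox report or of the Andromeda sample, showing how an analyst might confirm each behaviour from exported behaviour events. The event format is invented, the events are constructed for illustration, and the registry paths (`...\Policies\Explorer\Run` and `HKLM\SYSTEM\MountedDevices`) are assumptions about what the signatures refer to, not values taken from the report.

```python
"""Triage helper for the three behaviours listed in the report (added example).

Assumptions (not stated on the report page):
  - "Adds policy Run key" refers to a value written under
    ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  - "Maps connected drives based on registry" refers to reads of
    HKLM\SYSTEM\MountedDevices
  - "Deletes itself" appears as a cmd.exe child running `del` on the sample path
The Event shape is a simplified, invented export format; adapt the regexes
to whatever your sandbox actually emits.
"""
import re
from dataclasses import dataclass

# Assumed key path for the policy Run signature; captures value name and data.
POLICY_RUN_RE = re.compile(
    r"\\Policies\\Explorer\\Run\\(?P<name>[^=\s]+)\s*=\s*(?P<value>.+)",
    re.IGNORECASE,
)
# Assumed key read for registry-based drive enumeration.
MOUNTED_DEVICES_RE = re.compile(r"\\SYSTEM\\MountedDevices", re.IGNORECASE)
# A `del` token in a command line; combined with the sample path below.
DEL_RE = re.compile(r"\bdel\b", re.IGNORECASE)


@dataclass
class Event:
    pid: int
    op: str      # "regset", "regread" or "procstart" (invented vocabulary)
    detail: str  # registry path plus data, or a command line


def triage(events, sample_path):
    """Return evidence for each of the three signatures, keyed by signature."""
    hits = {"policy_run": [], "self_delete": [], "drive_enum": []}
    needle = sample_path.lower()
    for ev in events:
        if ev.op == "regset":
            m = POLICY_RUN_RE.search(ev.detail)
            if m:
                hits["policy_run"].append((m.group("name"), m.group("value").strip()))
        elif ev.op == "regread" and MOUNTED_DEVICES_RE.search(ev.detail):
            hits["drive_enum"].append(ev.detail)
        elif ev.op == "procstart" and DEL_RE.search(ev.detail) and needle in ev.detail.lower():
            # Only a `del` aimed at the sample's own path counts as self-deletion.
            hits["self_delete"].append(ev.pid)
    return hits


# Constructed sample data: the path and every event below are made up for the demo.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\d057eba5efb4cd4e08f2ec6f2f857a5e_JaffaCakes118.exe"
EVENTS = [
    Event(1784, "regread", r"HKLM\SYSTEM\MountedDevices"),
    Event(1784, "regset",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\31820 = C:\ProgramData\update.exe"),
    # Ordinary Run key entry: must NOT be reported as the policy Run signature.
    Event(1784, "regset",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = C:\Users\Admin\OneDrive.exe"),
    Event(2204, "procstart", 'cmd.exe /c del "' + SAMPLE_PATH + '"'),
]

if __name__ == "__main__":
    for sig, evidence in triage(EVENTS, SAMPLE_PATH).items():
        print(f"{sig}: {evidence}")
```

The ordinary `...\CurrentVersion\Run` entry in the constructed events is deliberately excluded: the signature is specifically about the Explorer Policies key, which is less commonly inspected than the standard Run keys and is therefore a useful distinguishing indicator when confirming this sample's persistence.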

MITRE ATT&CK Enterprise v15

Tasks