General

  • Target

    34b772f806fda7538c5a7c2323d31f58_JaffaCakes118

  • Size

    33KB

  • Sample

    241011-pcrpns1flf

  • MD5

    34b772f806fda7538c5a7c2323d31f58

  • SHA1

    b1e8832062b3626050860e1408bba9783964e6a7

  • SHA256

    e30c91a7c37687e5e8305e0b8936ad84d0710ecca9cba7e0d6e07c963f6f9fdb

  • SHA512

    49bc2f24c6836abcdf91c1eac89c49118c17f9931e88ce391fb44cc43e6f6e29f384914f9f1256ac11f542a1866d0edd94542bc958dfc48087cbed08722bba8f

  • SSDEEP

    768:/qK7XgI2RYMMDHjvEXRYJ+ipe9sNuMGMWU8roFjl/zq3:yKKYMMHYRYJ+ipeDlU8snzq3

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks