General

  • Target

    3a3542745518e3b42f4d24429ed7f580_JaffaCakes118

  • Size

    114KB

  • Sample

    241012-qhlahswhjp

  • MD5

    3a3542745518e3b42f4d24429ed7f580

  • SHA1

    f819d7244c43adfe489cb8e5f9d547486e4dba9e

  • SHA256

    2aa81aa02e8f0d56ef6c3c677ad72e412a79d94714b155df4f1fa995afcf5f24

  • SHA512

    f1728a72d6ebec5379dbad3403595603b696367c452630c74252b93ead63ccf7d491f4c694db80e43f8d9aa6a14b20c0133236d008744e5d662920cf6a9aa8f2

  • SSDEEP

    1536:yoW8rAbeom6UB3cLo5KdaCYndoQAgtjz5HWoVSdFbzWOcs+NI5DBT/0:mqomBcL6doSRz5Ki

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks