General

  • Target

    303ff1778370e950a3a1bc4a099425803beb0ff4b6fa38c1e6fb5ca406f302f9N

  • Size

    80KB

  • Sample

    241014-gglefsvdpr

  • MD5

    2c5fec5355440d18348c58d686a70ac0

  • SHA1

    6148e80b671ca182ea4a700594f50e642f788b18

  • SHA256

    303ff1778370e950a3a1bc4a099425803beb0ff4b6fa38c1e6fb5ca406f302f9

  • SHA512

    55bd4ea2abb02952f6d10152b5f2664ad355f62d87c8e4d29b0df1d25a7e461bcee74107597815934b4623a3488f2461ea1e6766729dfc97b2eb6ad9f39245b9

  • SSDEEP

    1536:kK1aXoacgAUBA2qg7itNJrvQsIrMDfLhISJQqjekvS:kXXnDOzg7itNFjICfJJljeka

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware, and it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
