General

  • Target

    4377e63f9fdcef716ecb04c4a3f5bf51_JaffaCakes118

  • Size

    39KB

  • Sample

    241014-wj1pgsyala

  • MD5

    4377e63f9fdcef716ecb04c4a3f5bf51

  • SHA1

    9acb79f55a4be504e7916dcb9b14f88d5fede0a0

  • SHA256

    1339e5373cf92fd103b1809d5ab3cfc429ea381f8a3ae05e29a6b8704ba8cd25

  • SHA512

    efa326c5b14a5bc7024ed2094ed6bbcccfe493947265173832b9a8b9b3c658781cb0940759178745e74c51c0b4681d57234e651186f8abcd3db2b017145d5992

  • SSDEEP

    384:kNBaOwIkd38aJUEQGAJ7Xc9S+5VKz8WWnUw7XfJ8CcTtZ6cd1wcLEknpC4COuRar:Awnx8aJBb19iz8vU8CCu1bZLwYM4d

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used for distributing other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks