General

  • Target

    4597a35c20aa8480a43dbd9459bcf38c_JaffaCakes118

  • Size

    58KB

  • Sample

    241015-dxfx5asbmh

  • MD5

    4597a35c20aa8480a43dbd9459bcf38c

  • SHA1

    59b6560908d1af8eea3d4b1ac702982756bcd1a3

  • SHA256

    85e4d36413f3771d5bc5e03c431fb5c634d3a3fcb3cda7693d268caab596373f

  • SHA512

    490d1143353e07f5c55423ea8856f4c2ff0040305eabba018a0c5b81190ba7fabaca07114598540cc9ea46bf3a2dd39f6ad4c78f97331694bc3d47a55a4c7aa7

  • SSDEEP

    1536:aKW5P12GUFX4593IWnHm/lHm/1Hm/BHm/0evwZu:aKWKGUZ45phm/Vm/lm/Zm/0evwY

Malware Config

Targets

    • Target

      4597a35c20aa8480a43dbd9459bcf38c_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks