General

  • Target

    4634aaeff341fd83873297d9307ca663_JaffaCakes118

  • Size

    87KB

  • Sample

    241015-gwqbysyfmf

  • MD5

    4634aaeff341fd83873297d9307ca663

  • SHA1

    351a928cd2c794d26e71a7df1dca55dbdc768e1d

  • SHA256

    e8d69dd8920d43f2dcb5ff88a5090bb8a344794f05dae24cbe87a1e286cd3d04

  • SHA512

    f12be77d748cb5942c926fd41404908bb71ed6d6981ae8908c9edce8f5f03a9aa30718a192446755757fbb4229fd963dd8293c7e31c995240aae3f2b1f16c7d7

  • SSDEEP

    1536:gtfE8IOK3hssWcV8z7AmlOLX3iEDj/VivmX7BO8B:GE8IOK3hssWM8om8X3Hf8vK7BVB

Malware Config

Targets

    • Target

      4634aaeff341fd83873297d9307ca663_JaffaCakes118

    • Size

      87KB

    • MD5

      4634aaeff341fd83873297d9307ca663

    • SHA1

      351a928cd2c794d26e71a7df1dca55dbdc768e1d

    • SHA256

      e8d69dd8920d43f2dcb5ff88a5090bb8a344794f05dae24cbe87a1e286cd3d04

    • SHA512

      f12be77d748cb5942c926fd41404908bb71ed6d6981ae8908c9edce8f5f03a9aa30718a192446755757fbb4229fd963dd8293c7e31c995240aae3f2b1f16c7d7

    • SSDEEP

      1536:gtfE8IOK3hssWcV8z7AmlOLX3iEDj/VivmX7BO8B:GE8IOK3hssWM8om8X3Hf8vK7BVB

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      The sample writes an autostart entry under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a persistence location that is less commonly inspected than the ordinary Run key.

    • Deletes itself

    • Maps connected drives based on registry

      The sample reads disk information from the registry; this is often done to detect sandbox environments, which typically expose a single small virtual disk.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, especially one created suspended, is a common step in process hollowing and similar injection techniques.
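
The signatures above can be reproduced as simple behaviour rules over an API trace. The following is an added example, not Triage's signature code: it runs the four rules (policy Run key persistence, drive enumeration via the registry, remote SetThreadContext after a suspended CreateProcess, and self-deletion) over a constructed, pipe-separated trace. The trace format, the field names, the sample's drop path and the child process image are assumptions made for the example.

```python
"""Behaviour rules for the report's signatures, run over a constructed API trace.

Added example, not the sandbox's own signature code. The trace line format
    <pid>|<api>|key=value|key=value...
and every path, pid and value in CONSTRUCTED_TRACE are assumptions.
"""
import re
from dataclasses import dataclass

# Assumed location the sandbox dropped the sample to (file name is from the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\4634aaeff341fd83873297d9307ca663_JaffaCakes118.exe"

# Constructed trace: parent 2068 enumerates disks via the registry, hollows a
# suspended child 2804, the child sets a policy Run key (and a benign ordinary
# Run key that must NOT match), then the parent deletes its own image via cmd.exe.
CONSTRUCTED_TRACE = r"""
2068|RegQueryValueExW|key=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum|name=0
2068|CreateProcessW|image=C:\Windows\SysWOW64\msiexec.exe|flags=CREATE_SUSPENDED|child_pid=2804
2068|WriteProcessMemory|target_pid=2804|size=65536
2068|SetThreadContext|target_pid=2804|tid=2808
2068|ResumeThread|target_pid=2804|tid=2808
2804|RegSetValueExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|name=23450|data=C:\ProgramData\ms23450.exe
2804|RegSetValueExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|name=OneDrive|data=C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
2068|CreateProcessW|image=C:\Windows\System32\cmd.exe|cmdline=cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\4634aaeff341fd83873297d9307ca663_JaffaCakes118.exe"
"""

# Policies\Explorer\Run under any hive / user; the plain ...\CurrentVersion\Run must not match.
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", re.I)
# Registry key holding the enumerated physical disks.
DISK_ENUM_RE = re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", re.I)
REG_READ_APIS = {"RegQueryValueExW", "RegEnumValueW", "RegGetValueW"}


@dataclass
class Event:
    pid: int
    api: str
    args: dict


def parse_trace(text: str) -> list:
    """Parse the constructed pipe-separated trace into Event records."""
    events = []
    for raw in text.strip().splitlines():
        pid, api, *kv = raw.split("|")
        args = dict(item.split("=", 1) for item in kv)
        events.append(Event(int(pid), api, args))
    return events


def detect(events: list, sample_path: str) -> list:
    """Return the sorted set of behaviour tags triggered by the trace."""
    hits = set()
    suspended = set()            # child pids this trace created with CREATE_SUSPENDED
    sp = sample_path.lower()
    for e in events:
        key = e.args.get("key", "")
        # 1. Persistence via the policy Run key (ordinary Run key is ignored here).
        if e.api == "RegSetValueExW" and POLICY_RUN_RE.search(key):
            hits.add("persistence:policy_run_key")
        # 2. Drive enumeration by reading the registry rather than calling disk APIs.
        if e.api in REG_READ_APIS and DISK_ENUM_RE.search(key):
            hits.add("discovery:drives_via_registry")
        # 3. Remote SetThreadContext; stronger if the target was created suspended.
        if e.api == "CreateProcessW" and "CREATE_SUSPENDED" in e.args.get("flags", ""):
            suspended.add(int(e.args["child_pid"]))
        if e.api == "SetThreadContext":
            target = int(e.args.get("target_pid", e.pid))
            if target != e.pid:
                hits.add("injection:setthreadcontext_remote")
            if target in suspended:
                hits.add("injection:hollowing_pattern")
        # 4. Self-deletion, either directly or through a spawned "del" command.
        cmd = e.args.get("cmdline", "").lower()
        if e.api == "CreateProcessW" and "del " in cmd and sp in cmd:
            hits.add("evasion:self_delete")
        if e.api == "DeleteFileW" and e.args.get("path", "").lower() == sp:
            hits.add("evasion:self_delete")
    return sorted(hits)


def analyse_trace(text: str, sample_path: str = SAMPLE_PATH) -> list:
    return detect(parse_trace(text), sample_path)


if __name__ == "__main__":
    for tag in analyse_trace(CONSTRUCTED_TRACE):
        print(tag)
```

The hollowing rule deliberately keys on the sequence (suspended child, then a cross-process SetThreadContext) rather than on the single API call, since SetThreadContext on a thread in the caller's own process is common in debuggers and exception handling; the single-call tag is kept separately so that the weaker signal is still visible.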

MITRE ATT&CK Enterprise v15

Tasks