General

  • Target

    fcad321f4035dd04dc3f0acef9a01964d1add2650aa3d0137202a7d2f0a15ebb

  • Size

    140KB

  • Sample

    241017-d4h13atenp

  • MD5

    5600f3a8a62888811860d604c6bc70c5

  • SHA1

    4e355c4fc3977b31379daf990b1a7b848285ea37

  • SHA256

    fcad321f4035dd04dc3f0acef9a01964d1add2650aa3d0137202a7d2f0a15ebb

  • SHA512

    483650df71c82c939b0f6eb32a4df3df46e22a720b18ebccf6b217323302fb9d53a3745e38056147e55ff801b99ad3aadc0904e249f805609f450db09886dc53

  • SSDEEP

    3072:nyha6oMx7EMoGg7KCdAY3cI1Qawh8YWjIZbhD1zKufAv+btun:nyhTTyG4xOvQn

Malware Config

Targets


    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks