General

  • Target

    6fea6b7c53d4186776a8c1ebc35ce3f551114a711f74de3947c4b260aaa4df39N

  • Size

    138KB

  • Sample

    241017-k3ny9avbkk

  • MD5

    26af426dd32e284483ae5a100715b790

  • SHA1

    87af02c77103fa62ff66d64f73ef66da452bab51

  • SHA256

    6fea6b7c53d4186776a8c1ebc35ce3f551114a711f74de3947c4b260aaa4df39

  • SHA512

    3b19b0d6288766f7d2626d9c23b5d7d2af836386297124bc25108bae903373e261987145d7b0cd809521f95e0e97e0047b37588f5103fd9c21f0554693293d1d

  • SSDEEP

    1536:YU0qV/5dSoUygFiQgShH18MmH6q13t1SN7aAvS498N9rY:Y+EoUPRgWH18MmaqD1SdXL98N9rY

Malware Config

Targets

    • Target

      6fea6b7c53d4186776a8c1ebc35ce3f551114a711f74de3947c4b260aaa4df39N

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks