General

  • Target

    e3204edde4789916877410001369a3255540c6fc2d84157b9034e46a42508caf

  • Size

    129KB

  • Sample

    241019-esqgfawfng

  • MD5

    12201f0de3be232b04a246c18007e7a6

  • SHA1

    3ae3e7625a7d63dc168faab2fb3e7464a6a02669

  • SHA256

    e3204edde4789916877410001369a3255540c6fc2d84157b9034e46a42508caf

  • SHA512

    bfa7c8bbbcfcc79a2d978b32c63267920b4343308574d66e346dc6cb5ddd0ef25f3bebde63dd28d7cba1f3366447aa444ad4f2438f27c75cc752f4e2361d06db

  • SSDEEP

    1536:8haN2fh0+TTQInoWGJcJJleqt1+Wgx3lFnHmleHSWgLAyXnnLm+Anqe/N:2++TFnoWTTYBB1hHgN1Anq+

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks