General

  • Target

    5cc3ae38f605154efcfb90b31acdbe93_JaffaCakes118

  • Size

    39KB

  • Sample

    241019-qawfhsyhrp

  • MD5

    5cc3ae38f605154efcfb90b31acdbe93

  • SHA1

    7466abbe86fc38caa9ced05f03d33278f3dfcb18

  • SHA256

    f571b7917fb33a38e031098f259c2c41d4f33f9aba16c7bd09c0741520a83880

  • SHA512

    650992a84f9839455c1cb9c60823c00e3ce493d41e3f9c4d4647e0b41ea8a6c5c565a8c72645c14c8de364cfbef1c13bcdcf18cd2f6959bc1d9b48ae6e39cfc5

  • SSDEEP

    768:Kqzz5UGF2uzKLJD1oijRWhPsvu8zYd2Zt7w4dIA6FgLEpkxOFoYRaE6N+:KiS0LzgJ6hsG8zYd237w4agt0FoYR0N+

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key (Policies\Explorer\Run) to start application at logon

    • Deletes itself

    • Maps connected drives based on registry

      Disk and volume information is often read from the registry to fingerprint the host and detect sandbox environments.
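The three behavioural signatures above (policy Run key persistence, self-deletion through a spawned command shell, and drive enumeration via the registry) can be turned into host-telemetry detections. The following is an added example, not code from the report or from the Triage sandbox: it runs simple rules over a constructed event stream in a simplified telemetry shape (not Sysmon's or Triage's real schema), and the process names, paths, PIDs and registry value names in it are hypothetical.

```python
"""Detection rules for the behaviours flagged in the sandbox report:
 - persistence via HK*\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
 - self-deletion via a child cmd.exe that deletes the parent's image
 - drive/volume enumeration via registry reads

Added example. The event schema and sample events below are constructed for
this illustration and do not come from the report or from a real EDR feed.
"""

import re

# Persistence location behind the "Adds policy Run key" signature.
POLICY_RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    re.IGNORECASE,
)

# Registry keys that describe attached disks and volumes; reading them early
# in a binary's life is the "Maps connected drives based on registry" behaviour.
DRIVE_ENUM_KEYS = re.compile(
    r"\\(SYSTEM\\MountedDevices|SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum)",
    re.IGNORECASE,
)

# Shell verbs used for the classic "cmd /c ... del <own path>" self-deletion.
SELF_DELETE = re.compile(r"\b(del|erase)\b", re.IGNORECASE)


def detect(events):
    """Return (signature, pid_of_sample, evidence) tuples for matching events."""
    hits = []
    for ev in events:
        kind = ev["kind"]
        if kind == "reg_set" and POLICY_RUN_KEY.search(ev["key"]):
            hits.append(("policy_run_key", ev["pid"], ev["key"]))
        elif kind == "reg_query" and DRIVE_ENUM_KEYS.search(ev["key"]):
            hits.append(("drive_enum", ev["pid"], ev["key"]))
        elif kind == "proc_create":
            cmd = ev["cmdline"]
            parent = ev["parent_image"]
            # A child cmd.exe whose command line deletes the parent's own image:
            # attribute the hit to the parent (the sample), not to cmd.exe.
            if (ev["image"].lower().endswith("\\cmd.exe")
                    and SELF_DELETE.search(cmd)
                    and parent.lower() in cmd.lower()):
                hits.append(("self_delete", ev["parent_pid"], cmd))
    return hits


def signatures_by_pid(events):
    """Group matched signature names per process id, sorted for stable output."""
    grouped = {}
    for sig, pid, _evidence in detect(events):
        grouped.setdefault(pid, set()).add(sig)
    return {pid: sorted(sigs) for pid, sigs in grouped.items()}


# Constructed sample telemetry (hypothetical paths and PIDs). The ordinary
# CurrentVersion\Run entry is a decoy: it is persistence, but not the policy
# key this rule is about, so it must not fire here.
SAMPLE_EVENTS = [
    {"kind": "proc_create", "pid": 1234, "parent_pid": 800,
     "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Users\victim\AppData\Local\Temp\sample.exe"'},
    {"kind": "reg_query", "pid": 1234,
     "key": r"HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices"},
    {"kind": "reg_set", "pid": 1234,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater",
     "data": r"C:\ProgramData\updater.exe"},
    {"kind": "reg_set", "pid": 1234,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"kind": "proc_create", "pid": 1300, "parent_pid": 1234,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\victim\AppData\Local\Temp\sample.exe"'},
]


if __name__ == "__main__":
    for sig, pid, evidence in detect(SAMPLE_EVENTS):
        print(f"{sig:15} pid={pid} {evidence}")
    print(signatures_by_pid(SAMPLE_EVENTS))
```

The self-deletion rule attributes the hit to the parent process rather than to cmd.exe, so all three signatures land on the sample's PID; when porting this to real Sysmon data, the policy Run key rule maps to Event ID 13 (RegistryEvent value set), while registry reads are not logged by Sysmon and would need an EDR or sandbox API trace.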

MITRE ATT&CK Enterprise v15