General

  • Target

    6432f88bae0d65f05d7a4fabdb4784e6_JaffaCakes118

  • Size

    13KB

  • Sample

    241020-1hpm2s1glh

  • MD5

    6432f88bae0d65f05d7a4fabdb4784e6

  • SHA1

    0d12d543f624da36667e56b34647272763ea611e

  • SHA256

    a88cdb26c7ff2fd0ac6a00e1ab81950d839000391a36d869260733ff1b036d5b

  • SHA512

    3646079d3d8609dbbf0f330b71d24b2602f1c4d52dcd1e78cfb481674f014dd473f861b54e7fe0c05fd523360f43cc03f125f908854b97a76ccd9f35fc617448

  • SSDEEP

    192:XyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:i04Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks