General

  • Target

    69989d112671b4d86f001dc4590be7e2_JaffaCakes118

  • Size

    53KB

  • Sample

    241022-jtrs4sxcjp

  • MD5

    69989d112671b4d86f001dc4590be7e2

  • SHA1

    ee7e816d356276af4d1e259626105d8c61bf87cd

  • SHA256

    f73330199dd17761a7d5911ff6dbaf04698931a919c2586fb41ce3ae8cbf69f9

  • SHA512

    a334fbbfff324f52f3a963bebc73a933b2dccfdd9b4a31996ba927322967e51eaf100cb64bf3162a59161a61c689fb736cc616eee4b811acfef04f95f44852f7

  • SSDEEP

    768:aFk++aif5hMBuZJWujd8CEDhAnKwSATmlNoC7vm0QERbbphy7umjRy45L72ROKuB:aFkHnHjaGJSrocvRFe1V2oKupD

Malware Config

Targets

    • Target

      69989d112671b4d86f001dc4590be7e2_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks