General

  • Target

    6aeb085e5a60a3f178b41e21f3ddeed8_JaffaCakes118

  • Size

    53KB

  • Sample

    241022-r65jqssdqr

  • MD5

    6aeb085e5a60a3f178b41e21f3ddeed8

  • SHA1

    3c51c687d30a621c3e788cfcc10be617132a30f7

  • SHA256

    fb92b114d7a1c208da2799874fd99ce4dd8ad1a2a6f896d9174c537f73a8abbb

  • SHA512

    a8dd9d5894ece618dd891f69e93887f950dc06c7a5e35365a7d2ec4587aedc0278d4e00c46b60461d7fb56dfecb6b55b109ff1fae5e72cdd06eca9b584faee86

  • SSDEEP

    768:75yQwyTIVNRoqBsvi4ZhKYTHIZehEDmAnJOc2AmnNBQdYBFdJmcnzUldEI:75yVN1OKjRJqr5JLnzULEI

Malware Config

Targets

    • Target

      6aeb085e5a60a3f178b41e21f3ddeed8_JaffaCakes118

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read to detect sandbox and virtual-machine environments, since the enumerated disk names reveal the hypervisor vendor.

    • Suspicious use of SetThreadContext
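
The four behaviours listed above are the kind of signatures an analyst reproduces when triaging a trace by hand. The following is an added example, not code from the report or from any sandbox vendor, that maps raw monitor events to those behaviour names. The event schema, the registry key assumed behind the drive-mapping check (`SYSTEM\CurrentControlSet\Services\Disk\Enum`), the `.exe` suffix, the process IDs and the value name are all illustrative assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Event:
    """One monitored action. Field names are an assumption, not a vendor schema."""
    pid: int
    image: str      # image path of the process performing the action
    kind: str       # "reg_write" | "reg_read" | "file_delete" | "api"
    target: str     # registry path, file path or API name, depending on kind
    args: dict = field(default_factory=dict)


# Policies\Explorer\Run is honoured by Explorer like the ordinary Run key but is
# inspected far less often, which is why the report calls it out separately.
POLICY_RUN = re.compile(
    r"^HK(LM|CU|EY_LOCAL_MACHINE|EY_CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Policies\\Explorer\\Run\\",
    re.IGNORECASE,
)
# Assumed key behind "Maps connected drives based on registry": Disk\Enum lists
# the attached physical disks, whose vendor strings reveal a hypervisor.
DISK_ENUM = re.compile(r"\\Services\\Disk\\Enum$", re.IGNORECASE)


def triage(events):
    """Return {behaviour name: [evidence, ...]} for the behaviours in the report."""
    hits = {}
    # Images of every process seen in the trace; a delete aimed at one of them
    # is the self-deletion the report flags (usually via a spawned cmd.exe /c del).
    images = {e.image.lower() for e in events}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in events:
        if e.kind == "reg_write" and POLICY_RUN.search(e.target):
            hit("Adds policy Run key to start application", e.target)
        elif e.kind == "reg_read" and DISK_ENUM.search(e.target):
            hit("Maps connected drives based on registry", e.target)
        elif e.kind == "file_delete" and e.target.lower() in images:
            hit("Deletes itself", e.target)
        elif e.kind == "api" and e.target == "SetThreadContext":
            # Rewriting a thread context in *another* process is the hollowing
            # pattern; a process touching its own threads is common and benign.
            victim = e.args.get("target_pid")
            if victim is not None and victim != e.pid:
                hit("Suspicious use of SetThreadContext", f"pid {e.pid} -> pid {victim}")
    return hits


# Constructed sample trace (not from the sandbox run above). The .exe suffix,
# PIDs, paths and the "Updater" value name are illustrative assumptions.
IMAGE = r"C:\Users\victim\Desktop\6aeb085e5a60a3f178b41e21f3ddeed8_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    Event(1200, IMAGE, "reg_read", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"),
    Event(1200, IMAGE, "api", "SetThreadContext", {"target_pid": 1200}),   # own thread
    Event(1200, IMAGE, "api", "SetThreadContext", {"target_pid": 1344}),   # other process
    Event(1344, r"C:\Windows\SysWOW64\msiexec.exe", "reg_write",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),  # plain Run key
    Event(1344, r"C:\Windows\SysWOW64\msiexec.exe", "reg_write",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater"),
    Event(1500, r"C:\Windows\SysWOW64\cmd.exe", "file_delete", IMAGE),  # cmd deletes the sample
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The ordinary `CurrentVersion\Run` write and the SetThreadContext call on the process's own thread are deliberately left in the sample trace: a usable signature has to separate the policy Run key and the cross-process context rewrite from those everyday operations, otherwise it fires on most installers.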

MITRE ATT&CK Enterprise v15

Tasks