General

  • Target

    6f0f29b6f9e46b47f040c7017d15f469_JaffaCakes118

  • Size

    13KB

  • Sample

    241023-p9wd5a1fjb

  • MD5

    6f0f29b6f9e46b47f040c7017d15f469

  • SHA1

    633a951ef2c811aac91c3c0135f4413369d5634b

  • SHA256

    e4613308b38628b6352d3b553d560fbbff0470a0bed9ff350cb63f874b50dfe4

  • SHA512

    1f993ccbdf63136801b074fdb72b432f8f55d85d5fbcad88272ffa41f893559ca279b4eadafed44b0c06a0ec5e24625e3c88917f3b8bc556dfc278f083f25e8f

  • SSDEEP

    192:PyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/:604Vfdj9JT9uxRgZGz0glhPuDWWx3f

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks