General

  • Target

    32ed50a70bb7c0124a18c48d64901655dc37af62a0b220c394d993721dbd3145

  • Size

    109KB

  • Sample

    241024-1e95ksvcnl

  • MD5

    288b0db6e2a3cfacc6174881d15d0b6c

  • SHA1

    aaf244b017740d2b20ea13357f876d9a1a25b436

  • SHA256

    32ed50a70bb7c0124a18c48d64901655dc37af62a0b220c394d993721dbd3145

  • SHA512

    3ec336f463c71b23df5e7b9f86da509cf34852fa154d028664484ab5b664dfebe1d58cf7a29a1f38607ddda69865b18df02a7dd8d54a2285222e511d1ae0c438

  • SSDEEP

    1536:l6u6YB56XJ6owvzbNfURp4VntUhtH7Vi4Bhqzr14QN5ISjqaCj:l6uB28owvlrVnihVVi4Har14QN5IMBCj

Malware Config

Targets

    • Target

      32ed50a70bb7c0124a18c48d64901655dc37af62a0b220c394d993721dbd3145

    • Size

      109KB

    • MD5

      288b0db6e2a3cfacc6174881d15d0b6c

    • SHA1

      aaf244b017740d2b20ea13357f876d9a1a25b436

    • SHA256

      32ed50a70bb7c0124a18c48d64901655dc37af62a0b220c394d993721dbd3145

    • SHA512

      3ec336f463c71b23df5e7b9f86da509cf34852fa154d028664484ab5b664dfebe1d58cf7a29a1f38607ddda69865b18df02a7dd8d54a2285222e511d1ae0c438

    • SSDEEP

      1536:l6u6YB56XJ6owvzbNfURp4VntUhtH7Vi4Bhqzr14QN5ISjqaCj:l6uB28owvlrVnihVVi4Har14QN5IMBCj

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is primarily used to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks