General

  • Target

    7234d3d19f72a607e8aedce00c5bfa4b_JaffaCakes118

  • Size

    84KB

  • Sample

    241024-eezsystalh

  • MD5

    7234d3d19f72a607e8aedce00c5bfa4b

  • SHA1

    821ff74ca137855fa895ac1cdea41dbb069241f7

  • SHA256

    c4cc9eb70d6c313dcdd38b50b6503a2355ae637fb95a460e52d112bbb6657b43

  • SHA512

    86bd84c0e3e50bc496d71e4ca1fce3e1a72052707cb8c1b39a96bc67e2147066e6ff4147e4e0678f9d2a3076ee94021d8fdecbe6924c743794ad499ce6cced42

  • SSDEEP

    384:zxJM8vcK/MnSslNQIMnFrcS7oET4jSJkvFKB2DED/JTlu6r0eFxs:1K8v6S5LFh7oET4+QQBGErJJu00ay

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15