General

  • Target

    72628dc9853170d3670e329c307e2ad0_JaffaCakes118

  • Size

    97KB

  • Sample

    241024-ffz1sawfpm

  • MD5

    72628dc9853170d3670e329c307e2ad0

  • SHA1

    29adf1c51520153fb914a6e3a6b9dd195b2bffd1

  • SHA256

    a0f728c20bbd467d362281ad5ae1317a65faecca6d1a042d8af8fb2f8dd42ec4

  • SHA512

    da067b5a3765021ade50cd7cd09bf99b41322a2df9f8178c58b7ea0ea7b9d690842d6821f7f8d87a54b94a48580d81e51577f154a0795be330e13039bf682590

  • SSDEEP

    1536:hvzxGDYCLprOrzDdVWowk3D2n7BWT3/214JhMy6P84OgJ:hrSYAqDOo3AWT3/Fgy6k/A

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15
