General

  • Target

    7885004dc0250598a7b5cff30105746d_JaffaCakes118

  • Size

    71KB

  • Sample

    241028-jsq57avblr

  • MD5

    7885004dc0250598a7b5cff30105746d

  • SHA1

    05f209c8a38a0c43603636a80e3d45a80f682a49

  • SHA256

    dafb80e91fb6453bbf1c8fdd168ea3e5df0d7eb85a4dfb5487792604068a5afe

  • SHA512

    988d1b1c0821cea0bc72c091780997f6bbfafa28bdca795633113bb88dc0a4495a50f432d7a425648a9a718f9059aa46821cec6e9dee66004b9d400ac0695845

  • SSDEEP

    384:wgKfIR4dasonIKIt+cx0o3nmpD6u+z4JJn0wB/2ZBYJsnS+pTqiZmK6hiZDy6P:wgDu5wM0k0WAVB/2nYQS+pxZs0y

Malware Config

Targets

    • Target

      7885004dc0250598a7b5cff30105746d_JaffaCakes118

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds a policy Run key (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run) to start the application at logon

    • Deletes itself

    • Maps connected drives based on registry

      Disk and drive information is often read to fingerprint the host and detect sandbox or virtual-machine environments.

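The behaviours listed above, turned into detection logic over host telemetry, as an added example that is not part of this report or of the sandbox's own rule set. The Policies\Explorer\Run path is the autostart key the persistence signature refers to; the Services\Disk\Enum key for "Maps connected drives based on registry" and the cmd.exe-based pattern for "Deletes itself" are assumptions about what those signatures match, and every event record below is constructed, Sysmon-like sample input rather than telemetry from this run.

```python
import re
from dataclasses import dataclass

# Constructed registry and process events in a Sysmon-like shape; they are
# illustrative input, not telemetry from the sandbox run behind this report.
SAMPLE_REGISTRY_EVENTS = [
    {"type": "SetValue",
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\41254",
     "details": r"C:\ProgramData\Local Settings\Temp\svchost.exe"},
    {"type": "QueryValue",
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "target": r"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum\0",
     "details": ""},
    {"type": "SetValue",
     "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]

SAMPLE_PROCESS_EVENT = {
    "image": r"C:\Windows\System32\cmd.exe",
    "parent_image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
    "cmdline": r'cmd.exe /c ping -n 3 127.0.0.1 & del "C:\Users\user\AppData\Local\Temp\sample.exe"',
}


@dataclass(frozen=True)
class RegistryRule:
    name: str                 # signature name as it appears in the report
    event_types: frozenset    # which registry operations count as a hit
    key_pattern: re.Pattern   # applied to the full target key path


REGISTRY_RULES = [
    # Policies\Explorer\Run is a logon-time autostart location that is
    # inspected less often than the plain CurrentVersion\Run key.
    RegistryRule(
        "Adds policy Run key to start application",
        frozenset({"SetValue", "CreateKey"}),
        re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run(\\|$)", re.I),
    ),
    # Assumed mapping: drive enumeration via Services\Disk\Enum, which lists the
    # device instance paths of attached disks and therefore also exposes
    # virtual-disk names used by sandboxes. Live hives may show ControlSet001
    # rather than CurrentControlSet, so both spellings are accepted.
    RegistryRule(
        "Maps connected drives based on registry",
        frozenset({"QueryValue", "OpenKey"}),
        re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum(\\|$)", re.I),
    ),
]


def match_registry_events(events):
    """Return {signature name: [matching events]} for the given registry events."""
    hits = {}
    for ev in events:
        for rule in REGISTRY_RULES:
            if ev["type"] in rule.event_types and rule.key_pattern.search(ev["target"]):
                hits.setdefault(rule.name, []).append(ev)
    return hits


# "del"/"erase" as a standalone shell verb (start of line or after whitespace, & or |).
DELETE_VERB = re.compile(r"(^|[\s&|])(del|erase)\s", re.I)


def is_self_delete(proc):
    """Assumed heuristic for "Deletes itself": a cmd.exe child spawned by the
    sample whose command line deletes the parent's own image path."""
    shell = proc["image"].lower().endswith("\\cmd.exe")
    cmd = proc["cmdline"].lower()
    return bool(shell and DELETE_VERB.search(cmd) and proc["parent_image"].lower() in cmd)


if __name__ == "__main__":
    for name, evs in match_registry_events(SAMPLE_REGISTRY_EVENTS).items():
        for ev in evs:
            print(f"[{name}] {ev['image']} -> {ev['type']} {ev['target']}")
    if is_self_delete(SAMPLE_PROCESS_EVENT):
        print(f"[Deletes itself] {SAMPLE_PROCESS_EVENT['parent_image']} via: {SAMPLE_PROCESS_EVENT['cmdline']}")
```

The rules are keyed on the operation type as well as the key path: a read of Policies\Explorer\Run is routine (Explorer itself queries it), whereas a write to it by an executable in a temp directory is the persistence behaviour worth alerting on; conversely, reads of Disk\Enum are the interesting case for drive enumeration. The self-delete check is deliberately narrow (cmd.exe, a delete verb, and the parent's own path in the command line) to keep false positives from ordinary installer clean-up low.
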
MITRE ATT&CK Enterprise v15

Tasks