General

  • Target

    806bc71f6b35fb6fcc61c06d432094c4_JaffaCakes118

  • Size

    39KB

  • Sample

    241030-2edxtatncj

  • MD5

    806bc71f6b35fb6fcc61c06d432094c4

  • SHA1

    5a014183673ffbd70e037517b0fd0884ebd8ca41

  • SHA256

    50c0c9380775a7322afd748d8d9b841daaeb377c48e0856d8561ab08553839b9

  • SHA512

    c89ff8d3f9ad2b7740add0e38304f91741138c2b735de69eb2936c1cf499866e13c1c9dee6ae9ea21e1c2b68c68ffa66204c03060af0be80cf20b510255ec13b

  • SSDEEP

    384:ZNA3O9wJDK9U+aUAZEYmRhPblQr2EReekRCcTtZ6cd1wcafq9npC4COuRa+Rdrpq:QUwJnhbmXblQr98Cu1q4LwYM4T

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and used primarily as a downloader to distribute other malware families.

    • Detects the Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
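
The three behavioural signatures above (policy Run key persistence, self-deletion, and reading drive information from the registry) can be reproduced with a small matcher run over sandbox-style events. This is an added example and not the sandbox's own rule engine, nor code from the sample: the event tuple layout, the process table, the constructed events, and the registry paths chosen for each signature (Policies\Explorer\Run for the policy Run key, Services\Disk\Enum for drive enumeration) are assumptions, as is the list of hypervisor vendor strings used to show why reading Disk\Enum can give a sandbox away.

```python
import re
from collections import defaultdict

# Constructed sandbox-style event trace (not taken from the real analysis).
# Each event is (pid, operation, path, value_name_or_data); the shape of
# these tuples is an assumption made for this example.
PROCESS_IMAGES = {
    1234: r"C:\Users\Admin\AppData\Local\Temp\806bc71f6b35fb6fcc61c06d432094c4_JaffaCakes118.exe",
}

SAMPLE_EVENTS = [
    # Drive enumeration read from the registry (assumed key for the signature).
    (1234, "RegOpenKey", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", ""),
    (1234, "RegQueryValue", r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", "0"),
    # Persistence via the policy Run key (assumed key for the signature).
    (1234, "RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", "12345"),
    # Ordinary Run key write: must NOT fire the policy Run signature.
    (1234, "RegSetValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    # Deleting an unrelated temp file: must NOT fire "Deletes itself".
    (1234, "FileDelete", r"C:\Users\Admin\AppData\Local\Temp\tmp1.bat", ""),
    # Deleting the process's own image (path case differs from the process table).
    (1234, "FileDelete", r"c:\users\admin\appdata\local\temp\806BC71F6B35FB6FCC61C06D432094C4_JaffaCakes118.exe", ""),
]

# Registry paths matched by the two registry-based signatures (assumptions).
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer\\Run$", re.IGNORECASE)
DISK_ENUM_RE = re.compile(r"\\Services\\Disk\\Enum$", re.IGNORECASE)

SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_DISK_ENUM = "Maps connected drives based on registry"
SIG_SELF_DELETE = "Deletes itself"


def match_signatures(events, process_images):
    """Return {signature_name: [matching events]} for the three report signatures."""
    hits = defaultdict(list)
    for pid, op, path, data in events:
        if op == "RegSetValue" and POLICY_RUN_RE.search(path):
            hits[SIG_POLICY_RUN].append((pid, op, path, data))
        elif op in ("RegOpenKey", "RegQueryValue") and DISK_ENUM_RE.search(path):
            hits[SIG_DISK_ENUM].append((pid, op, path, data))
        elif op == "FileDelete" and path.lower() == process_images.get(pid, "").lower():
            # Self-deletion: the deleted file is the deleting process's own image.
            hits[SIG_SELF_DELETE].append((pid, op, path, data))
    return dict(hits)


# Substrings a sandbox-aware sample might look for in Disk\Enum data.  The list
# is an assumption for illustration, not taken from this sample.
VM_MARKERS = ("vmware", "vbox", "qemu", "virtual")


def disk_enum_reveals_vm(values):
    """Return the sorted VM markers present in the given Disk\\Enum value data."""
    found = {m for v in values for m in VM_MARKERS if m in v.lower()}
    return sorted(found)


# Constructed Disk\Enum data for a hypervisor-backed guest and a bare-metal host.
VM_DISK_ENUM = [r"SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000"]
BAREMETAL_DISK_ENUM = [r"SCSI\Disk&Ven_SAMSUNG&Prod_SSD_860\4&12ab34cd&0&000000"]

if __name__ == "__main__":
    for name, matched in match_signatures(SAMPLE_EVENTS, PROCESS_IMAGES).items():
        print(f"{name}: {len(matched)} event(s)")
    print("VM markers in guest Disk\\Enum:", disk_enum_reveals_vm(VM_DISK_ENUM))
    print("VM markers on bare metal:", disk_enum_reveals_vm(BAREMETAL_DISK_ENUM))
```

The self-delete check compares paths case-insensitively because Windows paths are, and the policy Run match is anchored on the key tail so a write to the ordinary Run key is not reported under the policy signature. The marker scan is the reason the sandbox-detection note above matters: if the guest's Disk\Enum values carry a hypervisor vendor name, a sample that reads that key can bail out before doing anything worth recording.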

MITRE ATT&CK Enterprise v15

Tasks