Overview

overview

10

Static

static

3

TrustedInstaller.exe

windows7-x64

10

TrustedInstaller.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TrustedInstaller

  • Size

    213KB

  • Sample

    241031-hdqqfasgrl

  • MD5

    2f675e03759ef3ebc2c3f50e74083511

  • SHA1

    2b6d10856d1f0c01d37786094efcd9314c5a9024

  • SHA256

    16dfb38831b7ad38f1f36e8a15298133e5738bdc969674b720d5c43aaed59840

  • SHA512

    34539e491e0c09d7677da7bee1dcfaf123e56c8193e4b88895b6f51f24e2382bd2380a4cff77edeb09ebe288b939a42eda227f7e5f1e62caf567a8bc80cb2c78

  • SSDEEP

    3072:IPfSUM+yWrvnK99pJE4lNGAQ8etVEoDQ2equdLg+hguIlo0lVTyRgFX:E6Upr/KnrcAPuTQdLN6uI1pyc

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      TrustedInstaller

    • Size

      213KB

    • MD5

      2f675e03759ef3ebc2c3f50e74083511

    • SHA1

      2b6d10856d1f0c01d37786094efcd9314c5a9024

    • SHA256

      16dfb38831b7ad38f1f36e8a15298133e5738bdc969674b720d5c43aaed59840

    • SHA512

      34539e491e0c09d7677da7bee1dcfaf123e56c8193e4b88895b6f51f24e2382bd2380a4cff77edeb09ebe288b939a42eda227f7e5f1e62caf567a8bc80cb2c78

    • SSDEEP

      3072:IPfSUM+yWrvnK99pJE4lNGAQ8etVEoDQ2equdLg+hguIlo0lVTyRgFX:E6Upr/KnrcAPuTQdLN6uI1pyc

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks