General

  • Target

    82f0309a6dbee13e2f45ad49ee66b743_JaffaCakes118

  • Size

    77KB

  • Sample

    241031-n6agtaybpm

  • MD5

    82f0309a6dbee13e2f45ad49ee66b743

  • SHA1

    2a9f684036b7f95668aad84658a33d454085d4ca

  • SHA256

    eca385dd03835cf03e5030de9a2761edc7c3e5d2b59433a5a4c01851fd502b33

  • SHA512

    6933ca6c46662d37393784dea65a9c09ff125f26aed9b69b85d952dc2323837511a83bfdf504ce298cc0a2b3b718af3ce5305f9830528ab9a3a7e0b6838cdced

  • SSDEEP

    768:/9Ndl0gzhY+eLA7gLa1eaf5EKbW1bY65h2WWVBYT:zdl0gtY+YLaFfzSbYEEzg

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks