General

  • Target

    87ec4d16645b2a9f8bbfea8c0656f7db_JaffaCakes118

  • Size

    29KB

  • Sample

    241102-1k3bxsyqhp

  • MD5

    87ec4d16645b2a9f8bbfea8c0656f7db

  • SHA1

    58da785c1590ffccc93c19a9413f32608aa06f8e

  • SHA256

    d78866867278edafd1aa34bc7ce716463962553739e84b13a9fd012f69e7e837

  • SHA512

    cdeb8d3dcc07c30830e1b7743d83203884ee25b6b169a80358c420ae7d2745996feb7ce3b9ba7415e33e33a7785be18493d624b24b26ab20e0b30bf91df67b7a

  • SSDEEP

    768:nTs4HygUoZyE2TtDKXDSgmgI8Rk/93iu0iV:igUSuREJjIH/Jiu0iV

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used to distribute other malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks