General

  • Target

    8c3ce2d8a53fc29441b89940827162e1_JaffaCakes118

  • Size

    45KB

  • Sample

    241103-s567lsxjd1

  • MD5

    8c3ce2d8a53fc29441b89940827162e1

  • SHA1

    4f71a716319e690fc18c81f131cab296fbae720b

  • SHA256

    d8efd179f3b652a1006ccebeb48c135b58908e5bd7ceb7ee6e49d5b311ac869c

  • SHA512

    2cbbddff90adbbc9939a35a2f29c681b2e32bb13fb0f07cadf3ab53b78f032cc1cef6f7205fef21b78be7e679702d3e90f8cb9a162217e43c6dffd2950db42d1

  • SSDEEP

    768:yA0YdLskN7z69OdIEZ4ScTf5kOqRgn72V7cnKvzZSKh:D3aVScTf2RyiVPzZ/

Targets

    • Target

      8c3ce2d8a53fc29441b89940827162e1_JaffaCakes118

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk and drive information is often read to detect sandbox or virtual-machine environments.

    • Suspicious use of SetThreadContext
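
The four behavioural signatures above can be reproduced from a process trace. The following is an added example, not code from this report or from the sandbox that generated it: it walks a constructed, Sysmon-style event list and attributes the signatures to the sample's process tree. The registry locations it keys on (the Explorer policy Run key under `Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run` and `HKLM\SYSTEM\MountedDevices`), the event shapes, the `Event` type, the PIDs and the file paths are all assumptions made for illustration, and the events are constructed rather than captured from the sample.

```python
"""Map constructed Sysmon-style events to the behaviour signatures in this report.
Example code, not part of the report. Registry paths and event layout are assumptions."""
import re
from dataclasses import dataclass

# Assumed locations behind two of the signatures.
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", re.IGNORECASE)
MOUNTED_DEVICES_RE = re.compile(r"\\SYSTEM\\MountedDevices$", re.IGNORECASE)

SIG_POLICY_RUN = "Adds policy Run key to start application"
SIG_SELF_DELETE = "Deletes itself"
SIG_DRIVES = "Maps connected drives based on registry"
SIG_THREADCTX = "Suspicious use of SetThreadContext"


@dataclass
class Event:
    kind: str      # process_create | reg_set | reg_read | file_delete | api_call
    pid: int       # acting process (for process_create: the new process)
    image: str     # image path of that process
    target: str    # registry path, file path, or API name
    detail: str = ""   # value data, command line, "target_pid=N" for API calls
    ppid: int = 0      # only meaningful for process_create


# Constructed trace (hypothetical paths and PIDs), not captured from the sample.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    Event("process_create", 1234, SAMPLE, SAMPLE, "sample.exe", ppid=900),
    Event("reg_set", 1234, SAMPLE,
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost",
          r"C:\ProgramData\dropped.exe"),
    Event("reg_read", 1234, SAMPLE, r"HKLM\SYSTEM\MountedDevices"),
    Event("api_call", 1234, SAMPLE, "SetThreadContext", "target_pid=1300"),
    Event("process_create", 2200, CMD, CMD, f'cmd /c del "{SAMPLE}"', ppid=1234),
    Event("file_delete", 2200, CMD, SAMPLE),
    # Unrelated process writing the same policy key: outside the sample's tree, must not count.
    Event("reg_set", 1500, r"C:\Windows\System32\svchost.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updater",
          r"C:\x.exe"),
]


def sample_tree(events, root_pid):
    """Return (pids descended from root_pid, pid -> image) by walking process_create events in order."""
    tree = {root_pid}
    images = {}
    for ev in events:
        if ev.kind == "process_create" and ev.ppid in tree:
            tree.add(ev.pid)
        if ev.pid in tree:
            images.setdefault(ev.pid, ev.image)
    return tree, images


def classify(events, root_pid):
    """Return {signature name: [evidence, ...]} for events attributable to the sample's tree."""
    tree, images = sample_tree(events, root_pid)
    root_image = images.get(root_pid, "").lower()
    hits = {}

    def hit(name, ev, why):
        hits.setdefault(name, []).append(f"pid {ev.pid} ({ev.image}): {why}")

    for ev in events:
        if ev.pid not in tree:
            continue  # activity of unrelated processes is not evidence against the sample
        if ev.kind == "reg_set" and POLICY_RUN_RE.search(ev.target):
            hit(SIG_POLICY_RUN, ev, f"{ev.target} = {ev.detail}")
        elif ev.kind == "reg_read" and MOUNTED_DEVICES_RE.search(ev.target):
            hit(SIG_DRIVES, ev, ev.target)
        elif ev.kind == "api_call" and ev.target == "SetThreadContext":
            m = re.search(r"target_pid=(\d+)", ev.detail)
            # Only a context change on a thread in another process is suspicious here.
            if m and int(m.group(1)) != ev.pid:
                hit(SIG_THREADCTX, ev, f"thread in pid {m.group(1)}")
        elif ev.kind == "file_delete" and ev.target.lower() == root_image:
            hit(SIG_SELF_DELETE, ev, f"deleted original image {ev.target}")
    return hits


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS, 1234).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

Attribution is restricted to the sample's process tree so that a benign process touching the same policy key is not counted, and self-deletion is recognised even when, as in the constructed trace, the delete is performed by a child `cmd.exe` rather than by the sample's own process.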
