General

  • Target

    8fa97847dd7b2dcae68285f944095564_JaffaCakes118

  • Size

    42KB

  • Sample

    241104-ha4swswgnp

  • MD5

    8fa97847dd7b2dcae68285f944095564

  • SHA1

    9127bea8b5787aa86d39a82b216955fe4afa9294

  • SHA256

    c8034ac04bc07d3e60845b2757554271788067e7620aa4fcb6f907a6f689d596

  • SHA512

    f36ee535b6073fee16fbc78b967eaff4adcef72c6726d3fa5555dc93288a7d0cfdac68b7178e5b437c748e918013d12027b42d47cf59c177c94b74b1c1acc4e9

  • SSDEEP

    768:9dfTIvMANG3ZZ/ZhT7wj/CRRVLEJhgqPoLYsD7:9pIvMkG3/T7k/CTVLEXyL

Malware Config

Targets

    • Target

      8fa97847dd7b2dcae68285f944095564_JaffaCakes118

    • Size

      42KB

    • MD5

      8fa97847dd7b2dcae68285f944095564

    • SHA1

      9127bea8b5787aa86d39a82b216955fe4afa9294

    • SHA256

      c8034ac04bc07d3e60845b2757554271788067e7620aa4fcb6f907a6f689d596

    • SHA512

      f36ee535b6073fee16fbc78b967eaff4adcef72c6726d3fa5555dc93288a7d0cfdac68b7178e5b437c748e918013d12027b42d47cf59c177c94b74b1c1acc4e9

    • SSDEEP

      768:9dfTIvMANG3ZZ/ZhT7wj/CRRVLEJhgqPoLYsD7:9pIvMkG3/T7k/CTVLEXyL

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used to distribute other types of malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks