General

  • Target

    26e9e20a4cf3ff91d974578c9ba7e4575b776ac9697514dae94234f6f3453167N

  • Size

    60KB

  • Sample

    241109-py9sdavckk

  • MD5

    57d890b155d2cefdfd7276b5fac85ae0

  • SHA1

    5c473153d087f128454d0d68f0823fd5db355dba

  • SHA256

    26e9e20a4cf3ff91d974578c9ba7e4575b776ac9697514dae94234f6f3453167

  • SHA512

    754f6c3514e192f0869c66a8e0ef7500e6dd887cb5c5b665850adffb43e9a57d982716dc59fc140e8eba13d76dd534f93998e23e5865d5b1cc47e0b78d637f43

  • SSDEEP

    1536:RRkDnTSWukyxHE+JBWC7KnI4KTwTPGsvvkC:KnT6kyxdL9L0bGdC

Malware Config

Targets

    • Target

      26e9e20a4cf3ff91d974578c9ba7e4575b776ac9697514dae94234f6f3453167N

    • Size

      60KB

    • MD5

      57d890b155d2cefdfd7276b5fac85ae0

    • SHA1

      5c473153d087f128454d0d68f0823fd5db355dba

    • SHA256

      26e9e20a4cf3ff91d974578c9ba7e4575b776ac9697514dae94234f6f3453167

    • SHA512

      754f6c3514e192f0869c66a8e0ef7500e6dd887cb5c5b665850adffb43e9a57d982716dc59fc140e8eba13d76dd534f93998e23e5865d5b1cc47e0b78d637f43

    • SSDEEP

      1536:RRkDnTSWukyxHE+JBWC7KnI4KTwTPGsvvkC:KnT6kyxdL9L0bGdC

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks