andromeda | eb68ccb475695c9cdebe6cfa02cedab4e6f19ae6b8276fe11889a1e5f3181e3c | Triage

Submit
Reports

Overview

overview

Static

static

3

4dc09db34e...6N.exe

windows7-x64

4dc09db34e...6N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

4dc09db34e4667bb238eaae25c8a08afa07a9c0c8ba67113399d455473f9bf96N.exe
Size

226KB
Sample

241111-cl4dlszflk
MD5

6275dbf80e0e6cfb3b0903c344f27447
SHA1

fcdf8aa513ae48ec30afbe6cda8def8baf2d41c7
SHA256

eb68ccb475695c9cdebe6cfa02cedab4e6f19ae6b8276fe11889a1e5f3181e3c
SHA512

9bdd301c77a0d02281925faf570791313b91bf740ce27a8e136fff155bc418b6595fbc1933f17fdf7218bc6607c61f052db32a264a8c74b9d0f2958909c42ff3
SSDEEP

3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hp977p3jCtd:/14RzUNsYN1B9nX9Ud9HjfwP

Score

10^/10

andromeda backdoor botnet discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4dc09db34e4667bb238eaae25c8a08afa07a9c0c8ba67113399d455473f9bf96N.exe

Resource

win7-20240708-en

andromeda backdoor botnet discovery persistence

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

4dc09db34e4667bb238eaae25c8a08afa07a9c0c8ba67113399d455473f9bf96N.exe

Resource

win10v2004-20241007-en

andromeda backdoor botnet discovery persistence

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  4dc09db34e4667bb238eaae25c8a08afa07a9c0c8ba67113399d455473f9bf96N.exe
- Size
  
  226KB
- MD5
  
  6275dbf80e0e6cfb3b0903c344f27447
- SHA1
  
  fcdf8aa513ae48ec30afbe6cda8def8baf2d41c7
- SHA256
  
  eb68ccb475695c9cdebe6cfa02cedab4e6f19ae6b8276fe11889a1e5f3181e3c
- SHA512
  
  9bdd301c77a0d02281925faf570791313b91bf740ce27a8e136fff155bc418b6595fbc1933f17fdf7218bc6607c61f052db32a264a8c74b9d0f2958909c42ff3
- SSDEEP
  
  3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hp977p3jCtd:/14RzUNsYN1B9nX9Ud9HjfwP
Score

10^/10

andromeda backdoor botnet discovery persistence
- Andromeda family
  andromeda
- Andromeda, Gamarue
  Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
  botnet backdoor andromeda
- Detects Andromeda payload.
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

andromedabackdoorbotnetdiscoverypersistence

behavioral2

andromedabackdoorbotnetdiscoverypersistence

© 2018-2025

Terms | Privacy