Overview

overview

10

Static

static

3

1621aefe14...84.exe

windows7-x64

10

1621aefe14...84.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1621aefe1472261aba3ab8844a424c261be363160e886a39acb73b4d5cb59f84.exe

  • Size

    226KB

  • Sample

    241111-m9fbssyfrc

  • MD5

    8928b7da8d42543178937bd4271c34a0

  • SHA1

    3c0949d00df3a449a4b9e69ec808cd80aaa9d2ee

  • SHA256

    1621aefe1472261aba3ab8844a424c261be363160e886a39acb73b4d5cb59f84

  • SHA512

    267a9fd9778ad3a1c7b1e95eb54a05dfb7dceb13c207eb7ac44402f4d08a7e79f04d11244fe949c17cb21dd271d8a36fef07e863f289aae0f4e788aa32b94023

  • SSDEEP

    3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hp977p3jCtP:/14RzUNsYN1B9nX9Ud9HjfwF

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      1621aefe1472261aba3ab8844a424c261be363160e886a39acb73b4d5cb59f84.exe

    • Size

      226KB

    • MD5

      8928b7da8d42543178937bd4271c34a0

    • SHA1

      3c0949d00df3a449a4b9e69ec808cd80aaa9d2ee

    • SHA256

      1621aefe1472261aba3ab8844a424c261be363160e886a39acb73b4d5cb59f84

    • SHA512

      267a9fd9778ad3a1c7b1e95eb54a05dfb7dceb13c207eb7ac44402f4d08a7e79f04d11244fe949c17cb21dd271d8a36fef07e863f289aae0f4e788aa32b94023

    • SSDEEP

      3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hp977p3jCtP:/14RzUNsYN1B9nX9Ud9HjfwF

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks