General

  • Target

    92df1d5a3835e54db16b1c4745d10af0_JaffaCakes118

  • Size

    101KB

  • Sample

    241124-gjfxrawrhz

  • MD5

    92df1d5a3835e54db16b1c4745d10af0

  • SHA1

    cdd0bcfb9120804f7d84ecbdde2695abe1d8b037

  • SHA256

    afdb13e1f7054e6293489a2e12ea655c4cb656ba3fd6f1c97f0dce25f4628bf7

  • SHA512

    98f39a0ce352ea998495567261cdf5065fb5cd6dd793003cae342ae5668c685ad35342d7f83b00469367d2f181875e67fda913fa73080ac14b5de829565aa6cc

  • SSDEEP

    1536:BUKY/FF08H52t7ZgnmYVPS7aDzVaRUPtNwSxe+M9PuDIvpr/L6:BrSx52t7ZS4uDzYuxOuDIvprD6

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks