General

  • Target

    9417c725bfc9b6ac6d60f1c6c5869298_JaffaCakes118

  • Size

    39KB

  • Sample

    241124-mj94gs1pep

  • MD5

    9417c725bfc9b6ac6d60f1c6c5869298

  • SHA1

    b4e01f3c4945e44aa218f6ac1dcb0ed0c0192ae8

  • SHA256

    1adb58e9b7f0c1511a614ea0146e57cc123a5b1beffcb9ff4b6822e41b934983

  • SHA512

    855b2d30fc853f333adcf3eca03eed9a0298607e8eb44a21cda1cc1b0f19409c7b98f436276971740584a292726a5dbfc6ea4aeedcb504f14829710973e0817c

  • SSDEEP

    384:eNA3O9wJDK9U+aUAZEYmRhPblQr2EReekRCcTtZ6cd1wcafq9npC4COuRa+Rdrp2:vUwJnhbmXblQr98Cu1q4LwYM4r

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware, and it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
