Overview

overview

10

Static

static

3

16cd1aa23a...56.exe

windows7-x64

10

16cd1aa23a...56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16cd1aa23a5c573ff9414942f835724ad6ab481b46d042be3f14faa2e11fdc56.exe

  • Size

    81KB

  • Sample

    241126-z4dl8sznht

  • MD5

    91b3cc339d12ab75e109206b25a13cea

  • SHA1

    1b24f1c7b935380c7965a47ac1ec6b0d5a855a39

  • SHA256

    16cd1aa23a5c573ff9414942f835724ad6ab481b46d042be3f14faa2e11fdc56

  • SHA512

    a4efc405e72ffb00094dece3c06d4b5585d937e1d52d28ca143de6f98493213a423675199b0603e6fb8e5dfe234e10580a8dd5f4312f3e1f60f07330b9a680b2

  • SSDEEP

    1536:F1PvKv0h4NFTp8bqEKQJ2OdloVDfjnokT+lH0Ouds8RBXs7RDF61hoE:FhQ0hageExJfloR/+0jmyc7RD01hoE

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      16cd1aa23a5c573ff9414942f835724ad6ab481b46d042be3f14faa2e11fdc56.exe

    • Size

      81KB

    • MD5

      91b3cc339d12ab75e109206b25a13cea

    • SHA1

      1b24f1c7b935380c7965a47ac1ec6b0d5a855a39

    • SHA256

      16cd1aa23a5c573ff9414942f835724ad6ab481b46d042be3f14faa2e11fdc56

    • SHA512

      a4efc405e72ffb00094dece3c06d4b5585d937e1d52d28ca143de6f98493213a423675199b0603e6fb8e5dfe234e10580a8dd5f4312f3e1f60f07330b9a680b2

    • SSDEEP

      1536:F1PvKv0h4NFTp8bqEKQJ2OdloVDfjnokT+lH0Ouds8RBXs7RDF61hoE:FhQ0hageExJfloR/+0jmyc7RD01hoE

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks