General

  • Target

    aa4015faa30238e6fa8969414e5c95f5_JaffaCakes118

  • Size

    75KB

  • Sample

    241128-alkkdssrgj

  • MD5

    aa4015faa30238e6fa8969414e5c95f5

  • SHA1

    813e7f3ba22505df83f4b0b3d78c57d7ffe318c0

  • SHA256

    07876ee8136321f7bd937755e0e3ea86c85f4050227ab89319b59dfaf67e239d

  • SHA512

    fc7860c5e4e28419cf8589fada06b02ac84c6a319dcc624b451751f75722b43b5418ae5ca69a0f08e2ee0bf0dd30a0647c7b4d0d7a712fe72e2b101d8136b413

  • SSDEEP

    1536:8l9/mTYXwRpVF/na8lOFMyOi2DwCR0ObvG6RcAj2:w9OTYgLVF/a8lOFMZDNR0+O6RcAj

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks