Overview

overview

10

Static

static

3

18acea7451...fN.exe

windows7-x64

10

18acea7451...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18acea74517245cc402e4c60a863f078de3778ffcd061c48a3d31b41b70ceabfN.exe

  • Size

    147KB

  • Sample

    241128-zj71cazmdy

  • MD5

    9aba289606cc4e9bc66e68456acbb550

  • SHA1

    4629a3f364a1cda02348497e8a9138c22a5eab9a

  • SHA256

    18acea74517245cc402e4c60a863f078de3778ffcd061c48a3d31b41b70ceabf

  • SHA512

    9ebb1ccfa9767f5a8ccaf7b5e72cc29fb8ca4fb97c79b826f82c9aab8fa73f393959fcd9ee263354e58178ba81324c205be66109b592b2af7df36588e3b7cdff

  • SSDEEP

    1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqR:FW+1oS4l5OeuQdrmwvL8EqR

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      18acea74517245cc402e4c60a863f078de3778ffcd061c48a3d31b41b70ceabfN.exe

    • Size

      147KB

    • MD5

      9aba289606cc4e9bc66e68456acbb550

    • SHA1

      4629a3f364a1cda02348497e8a9138c22a5eab9a

    • SHA256

      18acea74517245cc402e4c60a863f078de3778ffcd061c48a3d31b41b70ceabf

    • SHA512

      9ebb1ccfa9767f5a8ccaf7b5e72cc29fb8ca4fb97c79b826f82c9aab8fa73f393959fcd9ee263354e58178ba81324c205be66109b592b2af7df36588e3b7cdff

    • SSDEEP

      1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqR:FW+1oS4l5OeuQdrmwvL8EqR

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks