Overview

overview

10

Static

static

3

0e0f066185...4N.exe

windows7-x64

10

0e0f066185...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e0f066185c51bd8094073d83405f6644fe1648fa057339a0d2c29654f209994N.exe

  • Size

    209KB

  • Sample

    241129-hvn8yasjay

  • MD5

    165fb42ad87d100317a27354252b88d0

  • SHA1

    90daeb70b13fec67238b3d086106e4b772d27744

  • SHA256

    0e0f066185c51bd8094073d83405f6644fe1648fa057339a0d2c29654f209994

  • SHA512

    9e78e1d99aed6745514cacaeaf19b4acaece1066a8b9a5e5ea931f348606411a50e65aef995ab5ce75f50134b52efdd50175e883e817ef80a00712ab660743fe

  • SSDEEP

    6144:/14RzUNsYN1B9nX9Ud9HDLucWEwCYekCfPRhTUadKk5vCQoiDFD3WOqxHV8qmXK2:/8zCsYBcDj

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      0e0f066185c51bd8094073d83405f6644fe1648fa057339a0d2c29654f209994N.exe

    • Size

      209KB

    • MD5

      165fb42ad87d100317a27354252b88d0

    • SHA1

      90daeb70b13fec67238b3d086106e4b772d27744

    • SHA256

      0e0f066185c51bd8094073d83405f6644fe1648fa057339a0d2c29654f209994

    • SHA512

      9e78e1d99aed6745514cacaeaf19b4acaece1066a8b9a5e5ea931f348606411a50e65aef995ab5ce75f50134b52efdd50175e883e817ef80a00712ab660743fe

    • SSDEEP

      6144:/14RzUNsYN1B9nX9Ud9HDLucWEwCYekCfPRhTUadKk5vCQoiDFD3WOqxHV8qmXK2:/8zCsYBcDj

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks