General

  • Target

    b4aa15dedab1394293d34435691e4b98_JaffaCakes118

  • Size

    59KB

  • Sample

    241130-egpqrsvqhp

  • MD5

    b4aa15dedab1394293d34435691e4b98

  • SHA1

    c009b7d25411de48ed1767010a294db8d8aa982b

  • SHA256

    e89501359ea45090e291c41057a4a1a1f8f085ace3bbd0a010644137abd45a74

  • SHA512

    98686a6b5f913823ae05648a9da060d4063c0ed10cbb2687a6cd8a0115c43a126cdd9fef1577ee94ba382ac41fe893dcefcd639ab777e3ac7f582d9be7ff4e97

  • SSDEEP

    1536:FaIH+4X84gYART5m+vWOfTeN4ECVtHu/leA:FKjYc5jOdN4En

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks