Overview

overview

10

Static

static

3

9eb16bdb9d...1N.exe

windows7-x64

10

9eb16bdb9d...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9eb16bdb9d9e6e437c317d53a2328f4b16991824d8ffa31064d7a48165bbc731N.exe

  • Size

    116KB

  • Sample

    241130-pn6mzatndt

  • MD5

    9fcda4e666ba0d02b67cc8e5714abb60

  • SHA1

    9a3057420c1881929536cd91de45e7a8d373890d

  • SHA256

    9eb16bdb9d9e6e437c317d53a2328f4b16991824d8ffa31064d7a48165bbc731

  • SHA512

    fc4bdb3665fcbbaed9e31156f2af040cc7bb45003da7568dc108eedddce20b1f40717663e6274c417b1fdfaf8533a028fdf42905546c949604beecac0b8c2516

  • SSDEEP

    1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWf:mtWZqwoa9Xa1Idart19f

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      9eb16bdb9d9e6e437c317d53a2328f4b16991824d8ffa31064d7a48165bbc731N.exe

    • Size

      116KB

    • MD5

      9fcda4e666ba0d02b67cc8e5714abb60

    • SHA1

      9a3057420c1881929536cd91de45e7a8d373890d

    • SHA256

      9eb16bdb9d9e6e437c317d53a2328f4b16991824d8ffa31064d7a48165bbc731

    • SHA512

      fc4bdb3665fcbbaed9e31156f2af040cc7bb45003da7568dc108eedddce20b1f40717663e6274c417b1fdfaf8533a028fdf42905546c949604beecac0b8c2516

    • SSDEEP

      1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWf:mtWZqwoa9Xa1Idart19f

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks