Overview

overview

10

Static

static

3

c45a0df2d9...43.exe

windows7-x64

10

c45a0df2d9...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c45a0df2d99a94ae0ac76231a35d58bc0df8f6c95918557c057a1351a9bf4543.exe

  • Size

    106KB

  • Sample

    241202-fl4ads1jfv

  • MD5

    5454a7749b19b7c6ced0d22360c738b1

  • SHA1

    75e1dd056895c0e9cda7b2f4615997d11c2b38f9

  • SHA256

    c45a0df2d99a94ae0ac76231a35d58bc0df8f6c95918557c057a1351a9bf4543

  • SHA512

    77d924f407610b9db8f8a9cc86e34d497b124bb2c08bcbb58d77be97ed3e499c84a89e4a46946d43f6d5b957efe4c94cc7e2f15ecdd39e5d2c914df90866ec95

  • SSDEEP

    1536:7SG9RdzoS5W0tu7mHY0J6V3wdyLpiJGVEP9ywlXR:eaVoS5jTY9AdyLQL

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      c45a0df2d99a94ae0ac76231a35d58bc0df8f6c95918557c057a1351a9bf4543.exe

    • Size

      106KB

    • MD5

      5454a7749b19b7c6ced0d22360c738b1

    • SHA1

      75e1dd056895c0e9cda7b2f4615997d11c2b38f9

    • SHA256

      c45a0df2d99a94ae0ac76231a35d58bc0df8f6c95918557c057a1351a9bf4543

    • SHA512

      77d924f407610b9db8f8a9cc86e34d497b124bb2c08bcbb58d77be97ed3e499c84a89e4a46946d43f6d5b957efe4c94cc7e2f15ecdd39e5d2c914df90866ec95

    • SSDEEP

      1536:7SG9RdzoS5W0tu7mHY0J6V3wdyLpiJGVEP9ywlXR:eaVoS5jTY9AdyLQL

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks