andromeda | fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082 | Triage

Submit
Reports

Overview

overview

Static

static

3

fcf6ef18e4...82.exe

windows7-x64

fcf6ef18e4...82.exe

windows10-2004-x64

Sharing

General

Target

fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082.exe
Size

155KB
Sample

241202-m1636a1ng1
MD5

ad08082dbb3d86552b9432ccb0b4ae90
SHA1

52af7c1185b6ff693df2518546731cfb6b1bfce8
SHA256

fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082
SHA512

3c7a820c47e45a49b8910550285c2a8b1735f6a584470578d1d4205cc525dc654d539cd00f59f496d097c9102f91efa1e2963711144c440b90b3dbc8771e2ae1
SSDEEP

1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWoLY/r4T8YorEkyrnrm0URuj:mtWZqwoa9Xa1Idart19E

Score

10^/10

andromeda backdoor botnet discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082.exe

Resource

win7-20240903-en

andromeda backdoor botnet discovery

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082.exe

Resource

win10v2004-20241007-en

andromeda backdoor botnet discovery persistence

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082.exe
- Size
  
  155KB
- MD5
  
  ad08082dbb3d86552b9432ccb0b4ae90
- SHA1
  
  52af7c1185b6ff693df2518546731cfb6b1bfce8
- SHA256
  
  fcf6ef18e45949e66e79c580b7f92b9097c41dba3b2976f3235b2f93c7f95082
- SHA512
  
  3c7a820c47e45a49b8910550285c2a8b1735f6a584470578d1d4205cc525dc654d539cd00f59f496d097c9102f91efa1e2963711144c440b90b3dbc8771e2ae1
- SSDEEP
  
  1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWoLY/r4T8YorEkyrnrm0URuj:mtWZqwoa9Xa1Idart19E
Score

10^/10

andromeda backdoor botnet discovery persistence
- Andromeda family
  andromeda
- Andromeda, Gamarue
  Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
  botnet backdoor andromeda
- Detects Andromeda payload.
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

andromedabackdoorbotnetdiscovery

behavioral2

andromedabackdoorbotnetdiscoverypersistence

© 2018-2025

Terms | Privacy