General

  • Target

    7ad42fd946fe99c75731d0306b365b43d132e1b0797320d8cc2cf7ee8f0e7005

  • Size

    143KB

  • Sample

    241203-3x7taa1kgv

  • MD5

    cfbcf8098bdb97ef41fd835a7ba846da

  • SHA1

    45deeb2770e509f2330a7e87188ba00097b0d688

  • SHA256

    7ad42fd946fe99c75731d0306b365b43d132e1b0797320d8cc2cf7ee8f0e7005

  • SHA512

    39f86e621b2a2d7c3809ada957c3ff37ed4af281a6f29d92483965baeb06df9bb324d16bf45d6d40181e082efd1091755dea6388e258337cf3e1cb0e8ddd7dfe

  • SSDEEP

    1536:l6u6YB56XJ6owvzbNfURp4VntUhtH7Vi4Bh/:l6uB28owvlrVnihVVi4H/

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used to distribute other malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks