andromeda | 9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b | Triage

Submit
Reports

Overview

overview

Static

static

3

9f04133931...3b.exe

windows7-x64

9f04133931...3b.exe

windows10-2004-x64

Sharing

General

Target

9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b
Size

122KB
Sample

241203-axr4lswrbp
MD5

99a2a998c8fce3bbcae4b826665bb413
SHA1

3bb26a03f896d94eb33926b51f31fb9f96066351
SHA256

9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b
SHA512

c863914f8f70772c0171082c08f98b538d5c3875e25a5589fa429410b95a9440ac03aa865fc0902ab7c7935d9c1ac0ccf9f93878d2c8d57cd8d18868fecfa476
SSDEEP

1536:BxR5bM9oLiCMsJozgKWNJ4NJxPMg2o1Ej7Mij4oPV/CGgcibvdbWR9ZwLTaCYlrA:BP5bphozgKWNJ4NJxPR1A7E

Score

10^/10

andromeda backdoor botnet discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b.exe

Resource

win7-20240729-en

andromeda backdoor botnet discovery

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b.exe

Resource

win10v2004-20241007-en

andromeda backdoor botnet discovery persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b
- Size
  
  122KB
- MD5
  
  99a2a998c8fce3bbcae4b826665bb413
- SHA1
  
  3bb26a03f896d94eb33926b51f31fb9f96066351
- SHA256
  
  9f0413393141fd30ddaae4bcf8496f8d7dffa5f5ed823045a0336eafdeac643b
- SHA512
  
  c863914f8f70772c0171082c08f98b538d5c3875e25a5589fa429410b95a9440ac03aa865fc0902ab7c7935d9c1ac0ccf9f93878d2c8d57cd8d18868fecfa476
- SSDEEP
  
  1536:BxR5bM9oLiCMsJozgKWNJ4NJxPMg2o1Ej7Mij4oPV/CGgcibvdbWR9ZwLTaCYlrA:BP5bphozgKWNJ4NJxPR1A7E
Score

10^/10

andromeda backdoor botnet discovery persistence
- Andromeda family
  andromeda
- Andromeda, Gamarue
  Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
  botnet backdoor andromeda
- Detects Andromeda payload.
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

andromedabackdoorbotnetdiscovery

behavioral2

andromedabackdoorbotnetdiscoverypersistence

© 2018-2025

Terms | Privacy