General

  • Target

    ede425ce26d8c40ae21db6060c84490de30d046876e6d874bce53f976b73c6d7N.exe

  • Size

    380KB

  • Sample

    241203-jdlxxs1ncq

  • MD5

    cc60107df5ba78792fd5a866ca8fd4e0

  • SHA1

    e6ff1a0e4ed00c890ce65d03046c6448bc2d4883

  • SHA256

    ede425ce26d8c40ae21db6060c84490de30d046876e6d874bce53f976b73c6d7

  • SHA512

    dc4280b0d8c62fe4abbc8d3c6585605aee34edf22a17c9b0caf75fdfe836ffde3ee59a5d05edbe1be91d20acc7497462aa2e60a33f8479cb51d353fef8a4675c

  • SSDEEP

    6144:Y5GBJTHM/Sht2gjFjJ0S9nYtluxpMfbgJM1MVh9Za5fk3loim:WuTHM/Shtn1SluxM2VHEuoim

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks