andromeda | c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

c58e88a5d0...2N.exe

windows7-x64

c58e88a5d0...2N.exe

windows10-2004-x64

Sharing

General

Target

c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2N.exe
Size

155KB
Sample

241203-v1chjsvqet
MD5

d968ebeaba834057ca30a7747b4c11f0
SHA1

5d0d1d5d1093a2adc0b289ada7900dfa5951701a
SHA256

c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2
SHA512

b9e3ae640aad6325a80c629bf2ac195e336ff599d5b5ce9b71b7f1461b353a22ed767d794fef2edad768cd7e236c53b54753e30856a8358a641d3bdbd4734c09
SSDEEP

1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWoLY/r4T8YorEkyrnrm0URup:mtWZqwoa9Xa1Idart19c

Score

10^/10

andromeda backdoor botnet discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2N.exe

Resource

win7-20240903-en

andromeda backdoor botnet discovery

windows7-x64

8 signatures

120 seconds

Behavioral task

behavioral2

Sample

c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2N.exe

Resource

win10v2004-20241007-en

andromeda backdoor botnet discovery persistence

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2N.exe
- Size
  
  155KB
- MD5
  
  d968ebeaba834057ca30a7747b4c11f0
- SHA1
  
  5d0d1d5d1093a2adc0b289ada7900dfa5951701a
- SHA256
  
  c58e88a5d0f0783f9c64db72aca03b7c1355aa9d210a888bcd0f351c94f695e2
- SHA512
  
  b9e3ae640aad6325a80c629bf2ac195e336ff599d5b5ce9b71b7f1461b353a22ed767d794fef2edad768cd7e236c53b54753e30856a8358a641d3bdbd4734c09
- SSDEEP
  
  1536:mvy50tV44aqwoa9ujdbNyVXa1lgNdaOCt1kTWoLY/r4T8YorEkyrnrm0URup:mtWZqwoa9Xa1Idart19c
Score

10^/10

andromeda backdoor botnet discovery persistence
- Andromeda family
  andromeda
- Andromeda, Gamarue
  Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
  botnet backdoor andromeda
- Detects Andromeda payload.
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

andromedabackdoorbotnetdiscovery

behavioral2

andromedabackdoorbotnetdiscoverypersistence

© 2018-2025

Terms | Privacy