General

  • Target: bfe5907319ce85275a0da104ac6a6e1e_JaffaCakes118

  • Size: 319KB

  • Sample: 241204-afa4rsxjfj

  • MD5: bfe5907319ce85275a0da104ac6a6e1e

  • SHA1: 228750ecafa227649c70f02b097ba3cadc0d1011

  • SHA256: aca740bbd7d1d516678a62aad45cd3af5e67d44d3c021db25b42b3bafb9d8d97

  • SHA512: 90ae69885b588131f34a02ef56fd306d59193c3c587779a49312964491087df5e6fd2e556e5a385f6d2e73e418b923c4275d9b2657d18e0ae75529974aabe619

  • SSDEEP: 6144:RVL0NTPbglYAt3FKeCgJn4EWvZCcBSwUIv8gwwwQVQwM0:RVgNzElYiFfJ45BFkg9wKQw

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
