General

  • Target

    c059816a9e77113092f7c6adb2deeceb_JaffaCakes118

  • Size

    45KB

  • Sample

    241204-cp9d2awpey

  • MD5

    c059816a9e77113092f7c6adb2deeceb

  • SHA1

    9a68f72228209eab1bd931690c649a9b06a38c81

  • SHA256

    e1933e625dae9f9df4c1c77821a92986e3b3c37d94521f86c3c5cdc489ca7980

  • SHA512

    764fd86452e9e72f4b873be37389423f4c32233d70fdc753728be717aeafd0434be529441520bc7381f3a0398d48092046ec0f9fcaf4e5821723da8ca9538b37

  • SSDEEP

    768:mvc89Qj5W7QEEwGmt7b2HjaSXm4pSLK++Asclg/mLzUqgMKT0TUB:q/QIUFwGQb2DaS2ccTWOH6TB

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks