General

  • Target

    cfa83a145e5a478bc214a79b531e5ffc_JaffaCakes118

  • Size

    39KB

  • Sample

    241206-3v5adavjgy

  • MD5

    cfa83a145e5a478bc214a79b531e5ffc

  • SHA1

    0cac8bc1e8587bd70776d2cee67513a66cd1583b

  • SHA256

    501d82017e7d809b11f77d226683010cf6b5e49e099a11da3658269a8dd00fcc

  • SHA512

    0dd377e56f68095d11bdec6aa3045a1f2c369393591cda5782c2204c82f23f715d1796122ef2ab46f63757b3f41a4bcc095e7e156780c0a621014a6da7180749

  • SSDEEP

    384:0Ht2iH1wDSfyWz8HaYz//mFAuN9QfZ7fRFaA3/B1jaaQibyjHr+jl81L+Km+5PrT:q5aSHze0QJfqA3/B1HJbaL+ecK1PoH29

Malware Config

Targets

    • Target

      cfa83a145e5a478bc214a79b531e5ffc_JaffaCakes118

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks