General

  • Target

    cae7db95c5fbeda446620050b6925e17_JaffaCakes118

  • Size

    68KB

  • Sample

    241206-egxflsyndx

  • MD5

    cae7db95c5fbeda446620050b6925e17

  • SHA1

    3063a21c7ec1aeff2b5e13d835a120f621a0404e

  • SHA256

    220af8dd9d309a04b1ec88dc4858935e410f7b2440ac2dfdd0af4313b97e589c

  • SHA512

    b8c00987f80252fe3b627eec7783af54a55b8a5aabaf55e2e6fcadcb71c12414909789bdbbde976014494c3b63f5320d12a185bc1fa7086d12031a2031305376

  • SSDEEP

    768:E4U4YF8hlsKvHRUfKUUkwFvHXx6WusomAhRD53VvIqc+cEcgavVy4Ms85BHsxrig:tdniZee/hRRVvIqcpQsO9XIrIW5Ih

Malware Config

Targets

    • Target

      DHL report.exe

    • Size

      49KB

    • MD5

      e159244bde88c7f35c6aff4b31cebe32

    • SHA1

      dbc4f23cb591d22d5dd1f621cd95420ecc284bba

    • SHA256

      8acae84e65b9f1d732330fa4811f4af3c71dd58638c6dbbabe29f806d02b56b0

    • SHA512

      2e84d1050c9ac155544ef55b6a713ebfec51b12a4ba2bd5d90f3e77b3127e57907bb6a9e5fc7dbda19c1a9ea305bb908d6e68b57564ecbab4704868441ef9950

    • SSDEEP

      768:lIbB4orG2q2tcJKtD+Jxgje1HKcloTNu4rRzpKqpnxjdkUEDmBw6:l0G2lYA+JCDcloMrCFdkhma6

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware family primarily used to distribute other malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
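The "Adds policy Run key to start application" signature above refers to the Policies\Explorer\Run autostart location, a less commonly audited sibling of the ordinary Run keys. The following PowerShell is an added example for checking a suspect host, not code from the report or from the sandbox vendor: it enumerates both the machine and user policy Run keys, resolves the executable each entry points at, and flags entries that live in user-writable directories. The key paths are the standard Windows locations; the directory pattern used for the Suspicious flag is an assumed heuristic, not something the report states.

```powershell
# Added example: enumerate the Policies\Explorer\Run autostart keys flagged by the
# sandbox signature. Assumes Windows PowerShell 5.1 or later on the host being checked.
$policyRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-PolicyRunEntries {
    param([string[]]$Keys = $policyRunKeys)

    foreach ($key in $Keys) {
        # The key usually does not exist on a clean host; its mere presence is notable.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key

        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)   # GetValue expands REG_EXPAND_SZ values

            # Resolve the executable: a quoted first token, otherwise the first
            # whitespace-delimited token.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }

            [pscustomobject]@{
                Key        = $key
                ValueName  = $name
                Command    = $cmd
                Executable = $exe
                ExeExists  = $exists
                # Assumed heuristic: autostart entries pointing into user-writable
                # locations are typical of droppers and worth a closer look.
                Suspicious = ($cmd -match '\\(AppData|Temp|ProgramData|Users\\Public)\\')
            }
        }
    }
}

Get-PolicyRunEntries | Format-Table -AutoSize
```

An entry whose executable no longer exists is consistent with the "Deletes itself" behaviour listed above, where the dropper removes its original file after establishing persistence; treat such an entry as evidence to preserve rather than noise to clean up.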

MITRE ATT&CK Enterprise v15

Tasks