General

  • Target

    343f3ddaaed65f402c79ada909b821d3e2c772ba35b4d71ef3cb3bb4e08e831aN.exe

  • Size

    127KB

  • Sample

    241206-j587jaxrfz

  • MD5

    f2ff8e56bb5d26436150193c705dc100

  • SHA1

    dc85ca97da829a53fdd1829df117c540ab374739

  • SHA256

    343f3ddaaed65f402c79ada909b821d3e2c772ba35b4d71ef3cb3bb4e08e831a

  • SHA512

    2dfbd5f51bf01c40080192039ae05c3c4fcbcb7eefffbe672c8aa40c0e089f14b94eabdafbc4e4527f55db7a826777ba2a0694fe8700cf2746c02766c2f41c1a

  • SSDEEP

    3072:jMtDUo6uNpbyFSbPnPEcr5Xy0DlNpecOK4dRpo2jO:wt1pby2VXy0DTpdN2o

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks