General

  • Target

    d331379c943142f5952ae729d1f692e4_JaffaCakes118

  • Size

    43KB

  • Sample

    241207-xx4hzatpgr

  • MD5

    d331379c943142f5952ae729d1f692e4

  • SHA1

    fadb1b96b02002b8bc2f6b1db65f8c3aee5b5ea2

  • SHA256

    cdf87eb357b53adc8a255daa86425733e5b87d658098d53fe2beb88cfd2f0245

  • SHA512

    4bc6f44c7043609ac75768afd38ed4feef3937d2190078f462db2659ebb168c1ec657cabcc84bda8a1ba533538e52ad3dec07323e1bf9b95159683aa6e749b0e

  • SSDEEP

    384:NxanLxG9AbOt0sniZg8aW2/S2+lluEF0z/LXPlKE0ord8aUgo:+3sn4+v4luEF2z/lgi80

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
