General

  • Target

    d59102be9aa92ee14ce511e6c69a209a_JaffaCakes118

  • Size

    300KB

  • Sample

    241208-gnmwvszpck

  • MD5

    d59102be9aa92ee14ce511e6c69a209a

  • SHA1

    059249afd0fdafef356de10b52ed8b6bd3619373

  • SHA256

    d540495450d6e58a6e39643d3a8b466bfff2667c99dfdf495f02db61948ae536

  • SHA512

    9a0cf31c733fbd0badfb0d6a2b7e9dd86bc66609ad09efea35d7c387800d3fa0afd6b02b5f9cc2a2b18e0fed3c6df1305389fb0ce09b3949458b196a660625c0

  • SSDEEP

    6144:DUOOrPNcXH2dxJOR8ghuinEKbaHddGE2IPuCZdXqfPdI:ur9vJWhVnI3GExGCZwfe

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
