General

  • Target

    d9984c9a1eb5deca2d6cd69036d86b95_JaffaCakes118

  • Size

    51KB

  • Sample

    241209-pjecxsxkfs

  • MD5

    d9984c9a1eb5deca2d6cd69036d86b95

  • SHA1

    560d8f8d9d67dc90ed98bf4e38853071ce02be8d

  • SHA256

    bda38015d8ff01de197fccced160dd0c5d874588b1908360a73329dd0024103f

  • SHA512

    27709362f7ca8e627a20bf826226fc25112c24197120c2efdb0e020aa8ca542270350fad2c10694a46b9401577802ab73c592242b82142715511cd8863794a52

  • SSDEEP

    384:MPYBRJaf7nsyFtiAKh3PFmHB565UfolOTpSF3YYFiBA1X31T3jmMJ9WZck6Pgk5:tiDK5dmpR4F53RzJ9Pk

Malware Config

Targets

    • Target

      d9984c9a1eb5deca2d6cd69036d86b95_JaffaCakes118

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware family written in C++ and used primarily as a loader to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (HKLM or HKCU) so the payload is launched at logon. This is a Run-key persistence variant (ATT&CK T1547.001) that is checked less often than the standard CurrentVersion\Run key, so hunts for Run-key persistence should include it.

    • Deletes itself

    • Maps connected drives based on registry

      Disk and volume information is often read in order to detect sandbox environments, which typically expose a single small virtual disk.
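The three behaviours above (policy Run key persistence, self-deletion, drive enumeration via the registry) plus the file hashes in this report can be turned into a small triage check. The following Python is an added example and not part of the sandbox report or the Andromeda analysis; it assumes a simplified JSON-lines API trace whose event shape (`pid`, `api`, `key`, `path`, `image`, `md5`) is invented here, and the trace itself is constructed, not real telemetry.

```python
import json
import re

# File hashes listed in the report above, used as IOCs for the process-start record.
REPORT_IOCS = {
    "md5": "d9984c9a1eb5deca2d6cd69036d86b95",
    "sha1": "560d8f8d9d67dc90ed98bf4e38853071ce02be8d",
    "sha256": "bda38015d8ff01de197fccced160dd0c5d874588b1908360a73329dd0024103f",
}

# The "policy Run key": Policies\Explorer\Run under HKLM or HKCU (ATT&CK T1547.001).
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer\\Run$", re.IGNORECASE)
# Volume-to-drive-letter mapping Windows keeps in the registry; read to enumerate drives.
MOUNTED_DEVICES_RE = re.compile(r"^HKLM\\SYSTEM\\MountedDevices$", re.IGNORECASE)

# Constructed trace (hypothetical event format, not real sandbox output). Process 4120
# shows the report's behaviours; process 5204 is a benign control that must not fire.
SAMPLE_TRACE = r"""
{"pid": 4120, "api": "process_start", "image": "C:\\Users\\victim\\Downloads\\invoice.exe", "md5": "D9984C9A1EB5DECA2D6CD69036D86B95"}
{"pid": 4120, "api": "RegQueryValueExW", "key": "HKLM\\SYSTEM\\MountedDevices", "value": "\\DosDevices\\E:"}
{"pid": 4120, "api": "RegSetValueExW", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", "value": "update", "data": "C:\\ProgramData\\update\\svcmgr.exe"}
{"pid": 4120, "api": "DeleteFileW", "path": "c:\\users\\victim\\downloads\\INVOICE.EXE"}
{"pid": 5204, "api": "process_start", "image": "C:\\Windows\\System32\\notepad.exe", "md5": "0123456789abcdef0123456789abcdef"}
{"pid": 5204, "api": "RegSetValueExW", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Notes", "data": "C:\\Windows\\System32\\notepad.exe"}
{"pid": 5204, "api": "DeleteFileW", "path": "C:\\Users\\victim\\Desktop\\draft.txt"}
"""

# Behaviour cluster from the report; two or more hits on one process is treated as a match.
CLUSTER = {"policy_run_persistence", "self_delete", "drive_enumeration"}


def parse_trace(text):
    """Parse JSON-lines trace text into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze(events):
    """Return {pid: {"image": str | None, "findings": set}} for every process in the trace."""
    procs = {}
    for ev in events:
        rec = procs.setdefault(ev["pid"], {"image": None, "findings": set()})
        api = ev["api"]
        if api == "process_start":
            rec["image"] = ev["image"]
            # Hash IOC match: digests are compared case-insensitively per algorithm.
            for algo, digest in REPORT_IOCS.items():
                if ev.get(algo, "").lower() == digest:
                    rec["findings"].add("known_hash")
        elif api == "RegSetValueExW" and POLICY_RUN_RE.search(ev["key"]):
            rec["findings"].add("policy_run_persistence")
        elif api == "RegQueryValueExW" and MOUNTED_DEVICES_RE.match(ev["key"]):
            rec["findings"].add("drive_enumeration")
        elif api == "DeleteFileW" and rec["image"] and ev["path"].lower() == rec["image"].lower():
            # Self-deletion: the process removes its own on-disk image.
            rec["findings"].add("self_delete")
    return procs


def flagged(procs, min_hits=2):
    """PIDs with a known-hash match or at least min_hits behaviours from the cluster."""
    out = []
    for pid, rec in sorted(procs.items()):
        if "known_hash" in rec["findings"] or len(rec["findings"] & CLUSTER) >= min_hits:
            out.append(pid)
    return out


if __name__ == "__main__":
    procs = analyze(parse_trace(SAMPLE_TRACE))
    for pid in flagged(procs):
        print(pid, procs[pid]["image"], sorted(procs[pid]["findings"]))
```

Requiring two behaviours before flagging keeps a lone `MountedDevices` read (common in legitimate installers) from producing an alert on its own, while the policy Run key write is rare enough in normal software that it is worth reviewing even when it is the only hit; lower `min_hits` to 1 if that is the preferred trade-off.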

MITRE ATT&CK Enterprise v15

Tasks