General

  • Target

    de123e738152734e971b631309d9cc07_JaffaCakes118

  • Size

    85KB

  • Sample

    241210-wxedeaxpeq

  • MD5

    de123e738152734e971b631309d9cc07

  • SHA1

    eb78a3a8e21251effe78664d65df84de5b7bef78

  • SHA256

    e9c6035934b2f3758634fed98f6d50112775ae5aa6f9d489479601b40c409af8

  • SHA512

    97c0c92242f4882204523d0c7c4886d7afda5239ebdcec3937d67ff3b57d3a044afb14e749c9ee566f7c630f8b7c000bbaea733205957a0ea7c64cafa1738eb2

  • SSDEEP

    1536:wA2oK6c4mAbgzfIX185fvRcNUvrHXJA11a2Aic:j2mfdbGnvRcNUvbXJA184c

Malware Config

Targets

    • Target

      de123e738152734e971b631309d9cc07_JaffaCakes118

    • Size

      85KB

    • MD5

      de123e738152734e971b631309d9cc07

    • SHA1

      eb78a3a8e21251effe78664d65df84de5b7bef78

    • SHA256

      e9c6035934b2f3758634fed98f6d50112775ae5aa6f9d489479601b40c409af8

    • SHA512

      97c0c92242f4882204523d0c7c4886d7afda5239ebdcec3937d67ff3b57d3a044afb14e749c9ee566f7c630f8b7c000bbaea733205957a0ea7c64cafa1738eb2

    • SSDEEP

      1536:wA2oK6c4mAbgzfIX185fvRcNUvrHXJA11a2Aic:j2mfdbGnvRcNUvbXJA184c

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks