General

  • Target

    7b3e30e114676ebe8748cf372fc9fb6d46cbca81d3a379da8aa0912f2c70fef3.exe

  • Size

    103KB

  • Sample

    241211-cz6qwswner

  • MD5

    c73572009443146f145a3eaf420b6aa8

  • SHA1

    4443cea880c102f91c69af4aec667d0358dc3f4e

  • SHA256

    7b3e30e114676ebe8748cf372fc9fb6d46cbca81d3a379da8aa0912f2c70fef3

  • SHA512

    71af463e504460661ea797f8f4babc91d15df7128651f2ae83d388f0d1a636ca53227fe81979630488af5f448a0c665b4d95f64a5357da93595d9daf19cb3314

  • SSDEEP

    1536:RLHT7gb3xn0dHoRnX3/wkBiGpRiWKXs4Tw:xfUBcoRnXPwciAEWKXsCw

Malware Config

Targets

    • Target

      7b3e30e114676ebe8748cf372fc9fb6d46cbca81d3a379da8aa0912f2c70fef3.exe

    • Size

      103KB

    • MD5

      c73572009443146f145a3eaf420b6aa8

    • SHA1

      4443cea880c102f91c69af4aec667d0358dc3f4e

    • SHA256

      7b3e30e114676ebe8748cf372fc9fb6d46cbca81d3a379da8aa0912f2c70fef3

    • SHA512

      71af463e504460661ea797f8f4babc91d15df7128651f2ae83d388f0d1a636ca53227fe81979630488af5f448a0c665b4d95f64a5357da93595d9daf19cb3314

    • SSDEEP

      1536:RLHT7gb3xn0dHoRnX3/wkBiGpRiWKXs4Tw:xfUBcoRnXPwciAEWKXsCw

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks