General

  • Target

    e2eee137789b45b79e4d7786b12aa828_JaffaCakes118

  • Size

    149KB

  • Sample

    241211-yemceawkes

  • MD5

    e2eee137789b45b79e4d7786b12aa828

  • SHA1

    60d85136cb48705934becdca6293ee732bd2c5cd

  • SHA256

    b1c59370cf37c16b5ef41303880fdca47816116d594199faccd8bd7cb7c338af

  • SHA512

    8d54c4ba04c273e73713e4e401aa1cbf89db1c7dd5dd0031ef372214e30c9c65258f9d7be1004a621b08cbc357a90252c0d13ac77034826af50fe95df593a012

  • SSDEEP

    768:cQGro7Y+WXg5LEKs1umBGpWGRyX+5Jli+3W+CKaL3rbE:cQGruF9VUGAX+wKNCKa7E

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks