General

  • Target

    e4c927e18dd08913a9d5cc03aa465583_JaffaCakes118

  • Size

    54KB

  • Sample

    241212-fkdy4swjfm

  • MD5

    e4c927e18dd08913a9d5cc03aa465583

  • SHA1

    f4b2aedc4b4a807ef4e12c05f1c40c3b54dafb15

  • SHA256

    a807babce59c19a3e1f6f9b40d126d0dce736f351144633f94641d8db0f6da5d

  • SHA512

    9e7392e1716132384ab05822f2276675022a57834923b28600b13b986dfd9721abf06183c732016349615b6f8482561f524fd0803ff47f4657fec0476fc87041

  • SSDEEP

    1536:J/JKZkqbwftqly/we2nMymuhpSg7YUIS7nCoOkBUu:JSkywFqly/wR5Lhp/8U15U

Malware Config

Targets

    • Target

      e4c927e18dd08913a9d5cc03aa465583_JaffaCakes118

    • Size

      54KB

    • MD5

      e4c927e18dd08913a9d5cc03aa465583

    • SHA1

      f4b2aedc4b4a807ef4e12c05f1c40c3b54dafb15

    • SHA256

      a807babce59c19a3e1f6f9b40d126d0dce736f351144633f94641d8db0f6da5d

    • SHA512

      9e7392e1716132384ab05822f2276675022a57834923b28600b13b986dfd9721abf06183c732016349615b6f8482561f524fd0803ff47f4657fec0476fc87041

    • SSDEEP

      1536:J/JKZkqbwftqly/we2nMymuhpSg7YUIS7nCoOkBUu:JSkywFqly/wR5Lhp/8U15U

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks