General

  • Target

    ea999ad0155437cefaa39745adf48a46_JaffaCakes118

  • Size

    74KB

  • Sample

    241213-jfr7qasmaw

  • MD5

    ea999ad0155437cefaa39745adf48a46

  • SHA1

    43f7963bca1578f3968ac8340cf43a1d0406afe4

  • SHA256

    07661bcf9b5d6f75bc314780b3f207a06ffab7860ba9200989e6901c7c99fe25

  • SHA512

    f45711c7e8548d5e2cf437212628e5404fce8206849add64019d9379f5c6d9595a23d341b413680f0c702c980981b67918fd402f091e70208616cc8838e6fa29

  • SSDEEP

    384:IjPdeK/TDAIkbTe7IdU6deTvR9DiaAdFTiWNRqygdq7fsKwCUTNjGG:1DPbzdKT/6FTiWbr7fPwxjH

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used for distributing other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks