General

  • Target

    ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118

  • Size

    86KB

  • Sample

    241213-wjrrkswpct

  • MD5

    ecb3813f085ebddaf4db54de33befe3f

  • SHA1

    dbffd3e183a8c2aeedc6efab08ae8386480fb3e9

  • SHA256

    dabf7cbe969e8615ba10aded2a1668d16c217381bfc0652aba26d87e42218522

  • SHA512

    8e0b33c07a14ef58e8ffff2e826c92cfd7976ceae68e40e6ad5de55ac7d7bca8962473b0ff1e74969392e653c2b813be6410bfa1474e5fa8be7f197957684102

  • SSDEEP

    1536:GZmq59UQhFwPXmsSvVu1AzltDlJTe0Pr5AnjaKlG8BL:W9Uk2bQfzfDTeYEjaCL

Malware Config

Targets

    • Target

      ecb3813f085ebddaf4db54de33befe3f_JaffaCakes118

    • Size

      86KB

    • MD5

      ecb3813f085ebddaf4db54de33befe3f

    • SHA1

      dbffd3e183a8c2aeedc6efab08ae8386480fb3e9

    • SHA256

      dabf7cbe969e8615ba10aded2a1668d16c217381bfc0652aba26d87e42218522

    • SHA512

      8e0b33c07a14ef58e8ffff2e826c92cfd7976ceae68e40e6ad5de55ac7d7bca8962473b0ff1e74969392e653c2b813be6410bfa1474e5fa8be7f197957684102

    • SSDEEP

      1536:GZmq59UQhFwPXmsSvVu1AzltDlJTe0Pr5AnjaKlG8BL:W9Uk2bQfzfDTeYEjaCL

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks