General

  • Target

    ed8b822deb0eebf7d81af692d01ac900_JaffaCakes118

  • Size

    43KB

  • Sample

    241214-hqcdkswphm

  • MD5

    ed8b822deb0eebf7d81af692d01ac900

  • SHA1

    8878df0f1b4d1f1a0a219ad9219e27a943b53bae

  • SHA256

    c244625edfeb0a6286e37d953b212af2dc92910bb2e4fc2e90d5794e14700558

  • SHA512

    2fef6428ff1eea567b5ebf58fee978351af630e0c888a3b93aa85273a8abfa15839af51bc0b4f55de358022646bed1aa0ab418e5b24f92300592f2e1ffe00436

  • SSDEEP

    768:AehDjNCLbnnZvvBjFqYDHVsUS8IFjiPt4rGY3d46Z+H9s0V0AuQY:bhsfxDp6US806t46YJn0VJu3

Targets

    • Target

      Vodafone network MMS.jpeg.exe

    • Size

      38KB

    • MD5

      28eaa1040f6a8cc19e103b8032f8dc94

    • SHA1

      e66e5855e2157386d7ce60dda2597bcc231df17c

    • SHA256

      106026c21b0c973dbd18eb435a90e65bc87a7ee5d08f3773a0a6d951f8ff264e

    • SHA512

      c1c0e4cdd3727d2ba91513d2a74e99270a5c71d14cf398e7b6fe82171a120006704184e28ce6601ab64502fa007b3d83afe9a1e9ed0e4395bc91cd7a1ff023bc

    • SSDEEP

      768:jGVMgg916Uvz6HxGCM774vJVN/yf64q/2X4LhQoY:aM316Y+RY7UJqHdXohU

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is used primarily as a loader: the bot's own job is to establish persistence and fetch and run other malware as plugins or follow-on payloads.

    • Detects Andromeda payload.

    • Adds a policy Run key to start the application

      The entry is written under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (HKCU or HKLM), a logon autostart location that is less commonly inspected than the ordinary Run key.

    • Deletes itself

      The originally executed file is removed; the persistence entry therefore typically points to a copy placed elsewhere, not to the sample as it was delivered.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments: device identifier strings (for example under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum) reveal virtual disks from VirtualBox, VMware and similar hypervisors.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the classic final step of process hollowing: a process is created suspended, its image is replaced or augmented with injected code, and the thread's instruction pointer is redirected before ResumeThread.
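The check a responder would run on a host suspected of carrying this sample, added here as an example and not part of the sandbox report: it enumerates the policy Run keys named above, pulls the executable out of each value, and flags entries whose target is missing (consistent with a self-deleting dropper), lives in a user-writable directory, uses a double extension like the lure name in this report, or hashes to one of the two SHA256 values listed on this page. The heuristics and the function names are this example's own assumptions, not a published detection rule.

```powershell
# Added example (not from the sandbox report): inspect the policy Run keys
# referred to by the "Adds policy Run key" behaviour and flag suspicious entries.
# Assumptions: run in an elevated PowerShell session on the host under triage;
# the "suspicious" heuristics below are this example's own, not a published rule.

$policyRunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# SHA256 values taken from this report (the container and the inner .jpeg.exe).
$knownBadSha256 = @(
    'C244625EDFEB0A6286E37D953B212AF2DC92910BB2E4FC2E90D5794E14700558',
    '106026C21B0C973DBD18EB435A90E65BC87A7EE5D08F3773A0A6D951F8FF264E'
)

# Directories an unprivileged dropper can write to; a persistence target here deserves a look.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:USERPROFILE) |
    Where-Object { $_ }

function Get-CommandTarget {
    param([string]$Command)
    # Extract the executable path from a Run value, which may be quoted and may carry arguments.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Get-PolicyRunEntries {
    foreach ($key in $policyRunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata properties that Get-ItemProperty attaches.
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }

            $target   = Get-CommandTarget ([string]$p.Value)
            $expanded = [Environment]::ExpandEnvironmentVariables($target)
            $exists   = Test-Path -LiteralPath $expanded
            $hash     = ''
            if ($exists) { $hash = (Get-FileHash -LiteralPath $expanded -Algorithm SHA256).Hash }

            $flags = @()
            if (-not $exists) { $flags += 'target-missing' }      # dropper deleted itself, or path is bogus
            foreach ($dir in $userWritable) {
                if ($expanded.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'user-writable-dir'; break
                }
            }
            # Double extensions such as "name.jpeg.exe" mimic the lure filename seen in this report.
            if ($expanded -match '\.(jpe?g|png|gif|pdf|docx?)\.(exe|scr|com|pif)$') { $flags += 'double-extension' }
            if ($hash -and ($hash.ToUpper() -in $knownBadSha256)) { $flags += 'known-andromeda-hash' }

            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Target  = $expanded
                SHA256  = $hash
                Flags   = ($flags -join ',')
            }
        }
    }
}

# Any row with a non-empty Flags column is worth pulling for analysis.
Get-PolicyRunEntries | Format-Table -AutoSize
```

On a clean host the three keys are usually absent, so the function prints nothing; an entry under Policies\Explorer\Run that points into %APPDATA% or %TEMP%, or whose target no longer exists, is the combination this report's "Adds policy Run key" plus "Deletes itself" behaviours leave behind.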

MITRE ATT&CK Enterprise v15
