Overview

overview

10

Static

static

3

54d3b0574a...40.exe

windows7-x64

10

54d3b0574a...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54d3b0574a03b18d3ba26632cab5df88e5535b6d6bab1d860f2a386689fb7b40

  • Size

    195KB

  • Sample

    241228-27gt6svncl

  • MD5

    250391de7eecdf18ec986115b82974d2

  • SHA1

    0638abe222370042c24d03c17da2d3d4c53e6e8b

  • SHA256

    54d3b0574a03b18d3ba26632cab5df88e5535b6d6bab1d860f2a386689fb7b40

  • SHA512

    0f1497cbe88143e4596ca84d68f436097c4d74d7a73866324be5c363a526b6ecc719089d95c34f825c0992ee2de67abe45977d233f3265b1d7a0daf60060124b

  • SSDEEP

    3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HybhGr/bwWa:/14RzUNsYN1B9nX9Ud9HyF

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      54d3b0574a03b18d3ba26632cab5df88e5535b6d6bab1d860f2a386689fb7b40

    • Size

      195KB

    • MD5

      250391de7eecdf18ec986115b82974d2

    • SHA1

      0638abe222370042c24d03c17da2d3d4c53e6e8b

    • SHA256

      54d3b0574a03b18d3ba26632cab5df88e5535b6d6bab1d860f2a386689fb7b40

    • SHA512

      0f1497cbe88143e4596ca84d68f436097c4d74d7a73866324be5c363a526b6ecc719089d95c34f825c0992ee2de67abe45977d233f3265b1d7a0daf60060124b

    • SSDEEP

      3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HybhGr/bwWa:/14RzUNsYN1B9nX9Ud9HyF

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks