Overview

overview

10

Static

static

3

1b4991c5e0...fN.exe

windows7-x64

10

1b4991c5e0...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b4991c5e024586f21707566927cca47ca2b80acd13ba8ec7a7286fd085607dfN.exe

  • Size

    185KB

  • Sample

    250107-v35xwasqdl

  • MD5

    7a112192ebf86326d50c51f631bc08c0

  • SHA1

    b703cfb0af293241f8df417489bd105bb4520288

  • SHA256

    1b4991c5e024586f21707566927cca47ca2b80acd13ba8ec7a7286fd085607df

  • SHA512

    6aaf6bb8e7855288ff96f4984d17a3f306294a2bb342c62382e42dd665b6ad748c22de0d171dbba267a8231bf6977929bdfe58b4ac2739e327e4243486421e8f

  • SSDEEP

    1536:/CdmNSU5kV0p1kuodRDZRUWWs6or7f1VYGLaMupM:/CdAkSHkuodRDLUdzo73eM

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      1b4991c5e024586f21707566927cca47ca2b80acd13ba8ec7a7286fd085607dfN.exe

    • Size

      185KB

    • MD5

      7a112192ebf86326d50c51f631bc08c0

    • SHA1

      b703cfb0af293241f8df417489bd105bb4520288

    • SHA256

      1b4991c5e024586f21707566927cca47ca2b80acd13ba8ec7a7286fd085607df

    • SHA512

      6aaf6bb8e7855288ff96f4984d17a3f306294a2bb342c62382e42dd665b6ad748c22de0d171dbba267a8231bf6977929bdfe58b4ac2739e327e4243486421e8f

    • SSDEEP

      1536:/CdmNSU5kV0p1kuodRDZRUWWs6or7f1VYGLaMupM:/CdAkSHkuodRDLUdzo73eM

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks