Overview

overview

10

Static

static

3

1c5a553ad7...cb.exe

windows7-x64

10

1c5a553ad7...cb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c5a553ad750678a9513409e475a39293df5ad6b634708b89767999bd89d62cb.exe

  • Size

    212KB

  • Sample

    250225-h8dz5awqs4

  • MD5

    24fc3e3fb39cf35338db9bf0c9da72fe

  • SHA1

    cb9267f11f74cf086d27e05be368124b5d7e3e79

  • SHA256

    1c5a553ad750678a9513409e475a39293df5ad6b634708b89767999bd89d62cb

  • SHA512

    8cf05bf6709d1ea89751298157f05496e657f0f58d553456b41a5e2329e0d42021cfab980750947c2c19473605bd3f617e9a33606f4cfd1dd8e31d8a51879f33

  • SSDEEP

    3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HK3:/14RzUNsYN1B9nX9Ud9Hm

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      1c5a553ad750678a9513409e475a39293df5ad6b634708b89767999bd89d62cb.exe

    • Size

      212KB

    • MD5

      24fc3e3fb39cf35338db9bf0c9da72fe

    • SHA1

      cb9267f11f74cf086d27e05be368124b5d7e3e79

    • SHA256

      1c5a553ad750678a9513409e475a39293df5ad6b634708b89767999bd89d62cb

    • SHA512

      8cf05bf6709d1ea89751298157f05496e657f0f58d553456b41a5e2329e0d42021cfab980750947c2c19473605bd3f617e9a33606f4cfd1dd8e31d8a51879f33

    • SSDEEP

      3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9HK3:/14RzUNsYN1B9nX9Ud9Hm

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks