General
-
Target
JaffaCakes118_2392128aa5f642053f4ca6ba428173d8
-
Size
435KB
-
Sample
250226-dj4f9stqx2
-
MD5
2392128aa5f642053f4ca6ba428173d8
-
SHA1
5dba22fc0ac3a978b12d36126bfd4b0edba645f9
-
SHA256
2fb9f75577fbbe730d75b8cf4e8baebd9cad15c6de976c11800c319173fd0d3b
-
SHA512
a1e5d6dfdf50438aacdb1bd3650879b6d8529b58f1ce0d85e04193e3bc98161264158e7703c6dc6676483d8231d40cbc72a0ec6127fb5adc10577387c861685c
-
SSDEEP
12288:HLJfHjIiVqy7kuHCdcKKabcxVsZQ9kFQKRfrFk5/I:rh5MmJHpfswkGae
Malware Config
Targets
-
-
Target
JaffaCakes118_2392128aa5f642053f4ca6ba428173d8
-
Size
435KB
-
MD5
2392128aa5f642053f4ca6ba428173d8
-
SHA1
5dba22fc0ac3a978b12d36126bfd4b0edba645f9
-
SHA256
2fb9f75577fbbe730d75b8cf4e8baebd9cad15c6de976c11800c319173fd0d3b
-
SHA512
a1e5d6dfdf50438aacdb1bd3650879b6d8529b58f1ce0d85e04193e3bc98161264158e7703c6dc6676483d8231d40cbc72a0ec6127fb5adc10577387c861685c
-
SSDEEP
12288:HLJfHjIiVqy7kuHCdcKKabcxVsZQ9kFQKRfrFk5/I:rh5MmJHpfswkGae
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Uses the VBS compiler for execution
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1