General

  • Target

    JaffaCakes118_41a2c399516f2470959a382e563822cc

  • Size

    48KB

  • Sample

    250302-v9j9razvct

  • MD5

    41a2c399516f2470959a382e563822cc

  • SHA1

    9d56f94b62806abdcf659a094d2c174131c930a1

  • SHA256

    b4a44ec9a134f62ce392fe2216ad346369f91b409305845457f5c5e5daed0272

  • SHA512

    3589903696fbd246c962f23e54eac00ffeaf2e9ade363c155f32cf85cb3a4805196d5b73ebb77a8b5a77ae1fc587e21614bfd662d0a0b7c8bc84f9e875b8be97

  • SSDEEP

    768:ETVv16xRJHk8qPKzvPf6FLWQAcLiO9gmu:2VYRJEHRdQmir

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks