Overview

overview

10

Static

static

3

JaffaCakes...4a.exe

windows7-x64

10

JaffaCakes...4a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_45d7f1f9f61ecf0daf142df8cfdebd4a

  • Size

    40KB

  • Sample

    250303-jy4ngasny5

  • MD5

    45d7f1f9f61ecf0daf142df8cfdebd4a

  • SHA1

    290f4d2c1c7944dd5e2efc3717dd68f105f1c289

  • SHA256

    9fde64c88e01fe72c2d2b1cded75d8ecfcb5b7f6307b76f4d7af580d4bcfffed

  • SHA512

    555e3d2350e5956a29b77598fdcfdeb7793ba43cd4ab8682064545334ec82d08e516eece9305e8256d1a36dc50027f1cd0a9d1ffcfc7d5b81c590f16cabbebc4

  • SSDEEP

    768:tPREoJX4AqGd9sSPsE7TKz12153OkK/0kXX:tKEIAq0v7Tb53xs0kX

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      JaffaCakes118_45d7f1f9f61ecf0daf142df8cfdebd4a

    • Size

      40KB

    • MD5

      45d7f1f9f61ecf0daf142df8cfdebd4a

    • SHA1

      290f4d2c1c7944dd5e2efc3717dd68f105f1c289

    • SHA256

      9fde64c88e01fe72c2d2b1cded75d8ecfcb5b7f6307b76f4d7af580d4bcfffed

    • SHA512

      555e3d2350e5956a29b77598fdcfdeb7793ba43cd4ab8682064545334ec82d08e516eece9305e8256d1a36dc50027f1cd0a9d1ffcfc7d5b81c590f16cabbebc4

    • SSDEEP

      768:tPREoJX4AqGd9sSPsE7TKz12153OkK/0kXX:tKEIAq0v7Tb53xs0kX

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks