Overview

overview

10

Static

static

3

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4e43dbafd19824fa6f7080203bf11ab0

  • Size

    78KB

  • Sample

    250304-tas7yatxdx

  • MD5

    4e43dbafd19824fa6f7080203bf11ab0

  • SHA1

    96c38994a3832b3f836279686c85c72e1917a65d

  • SHA256

    4f4123cb895b483506943324236ed78d3ba9cb525477a033741eb65b73d3b6c1

  • SHA512

    bb3e51767b99a55eef5c6d55484acf3d131c8c7cb04ef8cd4b1d3278741ffa0642a5244526e900c0690916c4616fc362a57498dd949162778cb512d6831dab05

  • SSDEEP

    768:B6Qrox4Gb+nNbsrFpoQNYSCZ+S6Mazz86O30SQSWjIj2BQjreUmPysXBTtlNhN7V:AfqnhsoQNhCZ+oazz/On0QjreUmKu5B7

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      JaffaCakes118_4e43dbafd19824fa6f7080203bf11ab0

    • Size

      78KB

    • MD5

      4e43dbafd19824fa6f7080203bf11ab0

    • SHA1

      96c38994a3832b3f836279686c85c72e1917a65d

    • SHA256

      4f4123cb895b483506943324236ed78d3ba9cb525477a033741eb65b73d3b6c1

    • SHA512

      bb3e51767b99a55eef5c6d55484acf3d131c8c7cb04ef8cd4b1d3278741ffa0642a5244526e900c0690916c4616fc362a57498dd949162778cb512d6831dab05

    • SSDEEP

      768:B6Qrox4Gb+nNbsrFpoQNYSCZ+S6Mazz86O30SQSWjIj2BQjreUmPysXBTtlNhN7V:AfqnhsoQNhCZ+oazz/On0QjreUmKu5B7

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks