General

  • Target

    JaffaCakes118_5a89090a5357ac0c2e6cfcdecf92f6bb

  • Size

    40KB

  • Sample

    250309-wrje6sxtgv

  • MD5

    5a89090a5357ac0c2e6cfcdecf92f6bb

  • SHA1

    1b3d53be370325f08d7c219816b7ebdf881e0a37

  • SHA256

    bed8dbcea7803f19890def8f04a44fbd2aa21c7d7d58775c65b6a2c92fcda52a

  • SHA512

    ce1a56ecce8f9c7241d4e3ba022365321ccdeb489f935b434261b2ef2b8e8b187c22357ae4349097c2ff1c6e56605f29746f1f435c2c5467adfc55e989f57fd8

  • SSDEEP

    768:YauZOSrqaR5L0dHLcv+NOqQjKU8F3ACZH3noTMor5IILkX:xuhxwdH7ImGWwMorBoX

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks