General

  • Target

    JaffaCakes118_5e27f39a0756956388446b4db3188efe

  • Size

    39KB

  • Sample

    250310-kr9ftayrz4

  • MD5

    5e27f39a0756956388446b4db3188efe

  • SHA1

    e7b0870f3183f3c4bb24623df1dab2f017fbbff1

  • SHA256

    fc15d25eeb4dcec4c5841521ca0b180cd55d6f193a48beefc20368b96e09e12a

  • SHA512

    347719196293198a16cb5dc8047a6fe0584a4f2b5b0b52ae19795de0017b99b0592a19e8a78c75adf0b1c96e8ab5a166e0e9f01b32f20bb23bad4370b8919074

  • SSDEEP

    768:X9Tghi/JiRR6kKoRN+x+I+nOeq21902ENd4YpmWU3ItHcdC/snRgQa3681XMR1BB:X9T9RivXKhoI+hFEHpp43SACknRmXMRd

Malware Config

Targets

    • Target

      a9129_3.EXE

    • Size

      63KB

    • MD5

      21f991b22fd9092452f4767e110964cf

    • SHA1

      94493d2055bee28d5ebfe1900fa17445c7fa744b

    • SHA256

      5151b6753703f3a62c3a94eb30111d39dba722c85e8a83e12cf49dbe325ac3f5

    • SHA512

      8b3f5074abd9b63e716ed477b3a616206f38f1af047758b6f0785cdbe1cfd08f174eef9ce4a107579a479ac86803ac4d06538cb2ddbabceb56b0c49245113530

    • SSDEEP

      1536:hau1Tafv9HpHzknoWHDwhok79srBVrlLf1:hau1Ta9HeoWHDQok7SrBVhLf1

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
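
The behaviour signatures above name what the sample did, not how a triage pipeline turns raw sandbox events into those labels. The following Python is an added example (not code from the report, the sandbox vendor or the Andromeda operators): it maps a constructed behaviour trace onto the three behavioural signature names listed for a9129_3.EXE and the ATT&CK Enterprise technique each corresponds to. The event schema, the registry locations checked for each behaviour, and all file paths and value names are assumptions made for the example.

```python
"""Map sandbox behaviour events onto the signature names listed in the report.

Example code added to this page; it is not the sandbox's own signature engine.
Assumptions (the report names behaviours, not mechanisms):
  * behaviour events are flat dicts: {"event", "process", "path", "value"}
  * the policy Run key lives under ...\CurrentVersion\Policies\Explorer\Run
  * drive enumeration reads HKLM\SYSTEM\MountedDevices or ...\Services\Disk\Enum
  * "Deletes itself" is a FileDelete whose target is the sample's own path
"""
from collections import defaultdict

# Registry locations each behaviour typically touches (assumptions, see above).
POLICY_RUN_KEY = r"\software\microsoft\windows\currentversion\policies\explorer\run"
DRIVE_KEYS = (r"\system\mounteddevices", r"\services\disk\enum")

# Report signature name and the ATT&CK Enterprise technique it maps to.
SIGNATURES = {
    "policy_run":  ("Adds policy Run key to start application", "T1547.001"),
    "self_delete": ("Deletes itself",                           "T1070.004"),
    "map_drives":  ("Maps connected drives based on registry",  "T1497.001"),
}

HIVE_PREFIXES = (
    r"\registry\machine", r"\registry\user",
    "hkey_local_machine", "hkey_current_user", "hklm", "hkcu",
)


def normalize_reg_path(path):
    """Lower-case a registry path and strip the hive prefix so that
    HKLM\\..., HKEY_LOCAL_MACHINE\\... and \\REGISTRY\\MACHINE\\... compare equal."""
    p = path.lower()
    for prefix in HIVE_PREFIXES:
        if p.startswith(prefix):
            return p[len(prefix):]
    return p


def classify(events, sample_path):
    """Return {signature_key: [evidence strings]} for the behaviours the report lists."""
    hits = defaultdict(list)
    sample = sample_path.lower()
    for ev in events:
        kind, path = ev["event"], ev.get("path", "")
        reg = normalize_reg_path(path)
        if kind == "RegSetValue" and POLICY_RUN_KEY in reg:
            hits["policy_run"].append(f"{path} = {ev.get('value')}")
        elif kind in ("RegOpenKey", "RegQueryValue") and any(k in reg for k in DRIVE_KEYS):
            hits["map_drives"].append(path)
        elif kind == "FileDelete" and path.lower() == sample:
            # In a real trace the deleter is usually a child cmd.exe and the
            # sandbox attributes it via the process tree; here the path match is enough.
            hits["self_delete"].append(f"{ev['process']} deleted {path}")
    return dict(hits)


def render(hits):
    """Format hits the way the report's signature list reads, with technique IDs."""
    lines = []
    for key in SIGNATURES:
        if key in hits:
            name, technique = SIGNATURES[key]
            lines.append(f"[{technique}] {name}")
            lines.extend(f"    {e}" for e in hits[key])
    return "\n".join(lines)


# Constructed behaviour trace resembling what a sandbox would export for the
# a9129_3.EXE target; paths and value names are made up for this example.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\a9129_3.EXE"
SAMPLE_EVENTS = [
    {"event": "RegQueryValue", "process": SAMPLE_PATH,
     "path": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0", "value": None},
    {"event": "RegSetValue", "process": SAMPLE_PATH,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\31337",
     "value": r"C:\ProgramData\Local Settings\Temp\mssvc.exe"},
    {"event": "FileDelete", "process": r"C:\Windows\System32\cmd.exe", "path": SAMPLE_PATH, "value": None},
    # Benign noise that must not fire any signature:
    {"event": "RegQueryValue", "process": SAMPLE_PATH,
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", "value": None},
]

if __name__ == "__main__":
    print(render(classify(SAMPLE_EVENTS, SAMPLE_PATH)))
```

Running the block prints the three signature lines with their evidence; the benign ProductName read produces nothing. The same key lists are what a responder would check on a live host: a value under either hive's Policies\Explorer\Run that points at a user-writable path is the persistence to look for first, and a process that queries MountedDevices or Services\Disk\Enum shortly after start, then removes its own binary, matches the evasion-then-cleanup pattern this report records.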

MITRE ATT&CK Enterprise v15

Tasks