General

  • Target

    JaffaCakes118_64259b590d940c31567369dc4038efad

  • Size

    148KB

  • Sample

    250311-jzv3qaxj14

  • MD5

    64259b590d940c31567369dc4038efad

  • SHA1

    13f0e3b910559ffa9c7d246b9c4b5af439132ddc

  • SHA256

    ea71c4637ebc8f144f2e41570d233b65f8549ec7c36fd9b49b1c816057a71745

  • SHA512

    df8cf5e60ae53f9b46bfee1fc8b448935cac690717dfd9aa3cdbf8d4f9d09e584d8f0bd6deba4283b2bedc3b26125006f88554fbf603029d63e77d254e93356e

  • SSDEEP

    3072:rXU8ENlgB7VWLhs8ss8SzUj+aajCKoCdCRhUzML14IO:rbUOZj+aajboYzMaB

Malware Config

Targets

    • Target

      JaffaCakes118_64259b590d940c31567369dc4038efad

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware families.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks