Overview

overview

10

Static

static

3

6d921a770b...a4.exe

windows7-x64

10

6d921a770b...a4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d921a770b60e2d4a25dbe8ecd4a887b371640802dae4a64aa23714242600ca4

  • Size

    124KB

  • Sample

    250320-yb8q8s1m19

  • MD5

    101dd9f9efb5c1c204ff7df24a393999

  • SHA1

    fd476e1c071ecab566297f0dbc5d072486a11f24

  • SHA256

    6d921a770b60e2d4a25dbe8ecd4a887b371640802dae4a64aa23714242600ca4

  • SHA512

    9abc2aa423f1f1369b73c27be53d770a6ae18712ec102f98a327b39f34efe8ff274d28e7ae444549ac531bd20c1ccdf0f9944cbe05271ced86487d317296397d

  • SSDEEP

    1536:l6u6YB56XJ6owvzbNfURp4VntUhtH7Vi4Bh4G0TQJBwGpNcID9OhsX:l6uB28owvlrVnihVVi4H4Ewuce

Score
10/10
andromedabackdoorbotnetdiscoverypersistence

Malware Config

Targets

    • Target

      6d921a770b60e2d4a25dbe8ecd4a887b371640802dae4a64aa23714242600ca4

    • Size

      124KB

    • MD5

      101dd9f9efb5c1c204ff7df24a393999

    • SHA1

      fd476e1c071ecab566297f0dbc5d072486a11f24

    • SHA256

      6d921a770b60e2d4a25dbe8ecd4a887b371640802dae4a64aa23714242600ca4

    • SHA512

      9abc2aa423f1f1369b73c27be53d770a6ae18712ec102f98a327b39f34efe8ff274d28e7ae444549ac531bd20c1ccdf0f9944cbe05271ced86487d317296397d

    • SSDEEP

      1536:l6u6YB56XJ6owvzbNfURp4VntUhtH7Vi4Bh4G0TQJBwGpNcID9OhsX:l6uB28owvlrVnihVVi4H4Ewuce

    Score
    10/10
    andromedabackdoorbotnetdiscoverypersistence

    • Andromeda family

      andromeda

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.

      botnetbackdoorandromeda

    • Detects Andromeda payload.

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks