General

  • Target

    JaffaCakes118_86bc96fc811899e58f611f55a3832a91

  • Size

    148KB

  • Sample

    250322-twjkmazrw9

  • MD5

    86bc96fc811899e58f611f55a3832a91

  • SHA1

    eb8822f9102b24bfb6a1b0e43667ee0cb93b2806

  • SHA256

    6e1992280603ede0a82e0716c91919e97af8ee8c476e30c800dcd27fd56bcdc9

  • SHA512

    7e4fdde986d0673874bff1c7668a8191aedc473086dde04ba8ae2fb728540095252638b0d4ee57623a2d2a3fdc5bda6e9205d76eb9f6ab0a37b11d7f1a70ee9d

  • SSDEEP

    3072:uXs8ENlgRfVWLvj8ssqkzgjVnZguhurWC86al5L14nO:uzw7RjVnZgIuc1/aO

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks