General

  • Target

    JaffaCakes118_0cf672a1ed4dadc04a5816b6592844d1

  • Size

    13KB

  • Sample

    250602-kxsegscm4x

  • MD5

    0cf672a1ed4dadc04a5816b6592844d1

  • SHA1

    c50aa5fd5f995cd97279eadbf79d433216798223

  • SHA256

    c40aa75e4202aeaf5c06393a2205bb7cc944005461db6f20e4ac99a52fb655b8

  • SHA512

    1a570e3388121b877a060a186b1d2978dc883b5d7944103d0d5b1fe78334732c32a4f7080b67457a64919b1f45650309a23c7f11263643f5816f02768b5514cb

  • SSDEEP

    384:RLOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FY:ySagh0Qu1UkKE7AF

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v16

Tasks