General

  • Target

    JaffaCakes118_0d3f7f0b87d90bc977fca5aac2fe5980

  • Size

    120KB

  • Sample

    250604-gvwgkscj9x

  • MD5

    0d3f7f0b87d90bc977fca5aac2fe5980

  • SHA1

    c7d9fe23bb51d488c00604d27d9e6892fb9db6f8

  • SHA256

    4ba770d890e35609ff2a27ed2cb111bbd176a9d01a5e306153cb48f77ea7ea2b

  • SHA512

    7abcddfc25fea6e9b73cc30a62b97d105a0b6b94b17a67019444aa267700c97946891e42f58291128c4185b9c3166fdf855093114023c6ace4e08cd9aea55987

  • SSDEEP

    1536:95W65+2dxbZtoIwGS8JBh+mSEx1jeYSchAb+puLC5PQmskBTU8Txxl:jW5MbnownJBRxteYScB0C5omskBTU87l

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks