General

  • Target

    JaffaCakes118_0d415aa908efe4d0b52fb4f8fa159b8e

  • Size

    284KB

  • Sample

    250604-gzrn7a1rw5

  • MD5

    0d415aa908efe4d0b52fb4f8fa159b8e

  • SHA1

    bccfb4c514e0401e254255d7bc5fe7bf054eb39a

  • SHA256

    11887f3a10c3ad8d310b3603ce2f0ccec8f36f5b38d638c4b9df9d8aad3a5d51

  • SHA512

    c52ddc155c32bb9f4b304c844cc2660a68173f7897a6bfc7cae7c2688b562292c633a05d4fcac4997efa61ca8774890045d7a01b9afff332016be8e353a980f2

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
