General

  • Target

    JaffaCakes118_0d6d273a8d62c52832d3dec82ed56940

  • Size

    139KB

  • Sample

    250604-mb55kav1b1

  • MD5

    0d6d273a8d62c52832d3dec82ed56940

  • SHA1

    80dd9c1ec008c3952802127c7b4793a4841d41da

  • SHA256

    5b355d329ba6f3ff816ae856866f48451988303f1d92d292f2cba4962a8c3260

  • SHA512

    f3160e512f02969f703509778ebece9f7ce5f579fc4ec6fc34b2407f4dc2c15dc106476b9d3d64a89b4079fde205e1db58dc80a68718d5105d36aab12233561e

  • SSDEEP

    1536:mja31mJ0V4mhqetoruaXa1eqnDRvzgWvnK8fonSX8xT4+K+Hsy2F1W:3MJ0WgqetoruaXa1eMMJ4+Kc

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks