General

  • Target

    250604-kak2wstns8.bin

  • Size

    42KB

  • Sample

    250604-n82n3sxlv3

  • MD5

    0d59ae64d00482d41ca7f587389c5b5a

  • SHA1

    454b0ed595c127d974492e82bec7f274aadbdc20

  • SHA256

    eedd5b2ad184fcacc2f7c87eede9dbffab81ff15dcda0a14cfa52fbb711b9dbb

  • SHA512

    8895597b85e056d21d7b6c3be282d1afaccd5893adfc0e7456e478ee2cceb6e248af9418937cbce1817631a1d306a231aad7aa0c03d4cba4cc3b7edd8da5a068

  • SSDEEP

    192:wyEh4bJlnNdEIv1J/b9i7s4pwrARgZd1SrMksXgUdBOvAUPuDtwFWx3f/T:V04Vfdj9JT9uxRgZGz0glhPuDWWx3f7

Malware Config

Targets

    • Target

      250604-kak2wstns8.bin

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v16

Tasks