General

  • Target

    JaffaCakes118_0d877c241227e444a14a5a0b31a10156

  • Size

    80KB

  • Sample

    250604-pmz4ssxwaz

  • MD5

    0d877c241227e444a14a5a0b31a10156

  • SHA1

    be089a325f04147a2bdf6e5dc4c11ea56ef4b625

  • SHA256

    e70e95bd1a5cfaffb02e3d79efb8a1d64cee3221aec5c449d54b1dcdc20202b9

  • SHA512

    88d4dbdd60f930578698463ef66f9bf43d1b32467c661ef8d0f930c522644414a8e0c86ba7363f943437bca9144b2e5d851b546d8576f279167220be90b1c73f

  • SSDEEP

    1536:1IHaUVw/54r24QilNO6uwq1ttWT32QnYXBI:1IHkilNjuFtUT

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks