General

  • Target

    JaffaCakes118_0d928568ffd9f0f162d67b4bda82e1f0

  • Size

    81KB

  • Sample

    250604-qlp3waer6y

  • MD5

    0d928568ffd9f0f162d67b4bda82e1f0

  • SHA1

    3dde7913e5c9ca09566119dbcfafd83a060603f2

  • SHA256

    117eea25592f3bfa04ee35e4b84394da099a24e19faf53cb822bb0380bd0bb92

  • SHA512

    2b99aa085000cdff44dbec49c03e564e90a53964ec1d77cacde3c70b2820a245cc5d4ee37cb8c4989fc59060b627c9c7c52ddae0de3f8c673da1f74fba2fb1ed

  • SSDEEP

    1536:RRkDnTSWukyxHE+JBWC7KnI4KTwTPGsvvkN:KnT6kyxdL9L0bGdN

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet written in C++ that is used primarily to distribute other malware onto infected hosts.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
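The UPX signature above is a structural heuristic: stock UPX leaves section names such as UPX0/UPX1 and a "UPX!" marker in the packer header, and modified builds often keep one or the other. The following is an added triage helper, not code from tria.ge or from the report, that walks the PE section table looking for those indicators and computes the file hashes so they can be compared against the values listed under General. The sample itself is not embedded; build_pe constructs a minimal PE header for testing, and the function names are this example's own.

```python
import hashlib
import struct

# Hashes copied from the report's General section; used only for comparison.
REPORT_HASHES = {
    "md5": "0d928568ffd9f0f162d67b4bda82e1f0",
    "sha1": "3dde7913e5c9ca09566119dbcfafd83a060603f2",
    "sha256": "117eea25592f3bfa04ee35e4b84394da099a24e19faf53cb822bb0380bd0bb92",
}

UPX_MARKER = b"UPX!"          # magic left in the UPX packer header
SECTION_HEADER_SIZE = 40      # IMAGE_SECTION_HEADER is 40 bytes


def file_hashes(data: bytes) -> dict:
    """Return hex digests for the same algorithms the report lists (minus ssdeep)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True if the bytes are the sample the report describes (SHA256 match)."""
    return file_hashes(data)["sha256"] == REPORT_HASHES["sha256"]


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names in file order.

    Raises ValueError for anything that is not a well-formed PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20 (relative to the signature).
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    end = table + num_sections * SECTION_HEADER_SIZE
    if end > len(data):
        raise ValueError("section table is truncated")
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the UPX artefacts the signature keys on."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    return {
        "upx_sections": [n for n in names if n.upper().startswith(b"UPX")],
        "upx_marker": UPX_MARKER in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Flag the file if either indicator is present (modified UPX may drop one)."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed test input: a minimal, non-executable PE32 image whose only
    populated fields are the ones pe_section_names reads."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + opt + sections + trailer


if __name__ == "__main__":
    sample = build_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=UPX_MARKER)
    print(file_hashes(sample)["sha256"], upx_indicators(sample), is_upx_packed(sample))
```

To use it on the real sample, read the file bytes and check matches_report first so that the hashes you are triaging are the ones the report was generated from; a hash mismatch means a different build, and the signature results above no longer apply.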

MITRE ATT&CK Enterprise v16