General

  • Target

    JaffaCakes118_0da78b6b371fdf8688009e20cf37ceb0

  • Size

    210KB

  • Sample

    250604-sjf4aszxa1

  • MD5

    0da78b6b371fdf8688009e20cf37ceb0

  • SHA1

    380059acac2164b762bb8a042888cea075045780

  • SHA256

    690d258f4e9f86ecdc551a268db098c3a3029866f31d96cdc1177c49c6e5f27b

  • SHA512

    b7e56494c9462aefea4a7cb07c5175a650ae7d5910f120826f32915e478ff9269d3d46999ff44b8bece2ae8cafc71c24f74841d49319cf529c61407ceb2e65ca

  • SSDEEP

    3072:sPUfyo6aRh6CzNiof2HtA2PtLR34PQhVDYwNXKakdyvlJeGhsYa/YWGGXHjf/Rgr:sagCxLf2NA0tK4XDYwNp

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and primarily used to distribute other types of malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16

Tasks