General

  • Target

    JaffaCakes118_0daa0fefea33a5b4e5e37f2512ca4610

  • Size

    153KB

  • Sample

    250604-stp4yszzcv

  • MD5

    0daa0fefea33a5b4e5e37f2512ca4610

  • SHA1

    8c9458e6ee02c8bbd18b13edb71a619068021316

  • SHA256

    68a74124fdba7dabc747c5e59abc4df8b07b5e8d98ae63f8880ef5e347b9af35

  • SHA512

    f62f2a1ee808cbe59191664e7a51e6e7251c35c6ecf820b3de7af5d3283fa80bc97dad4f3d88590d224c80990dcedb0c07857d73e8134dc52ddc56359ecbcbc5

  • SSDEEP

    3072:jW5MbnownJBRxteYScB0C5omskBTU87XzzeXKs0y:jgsJHHehQv5nBJzmSy

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks