General

  • Target

    JaffaCakes118_0e2e0f67aa312e7a294a4c2a4c558b21

  • Size

    160KB

  • Sample

    250605-lq97dsvwdz

  • MD5

    0e2e0f67aa312e7a294a4c2a4c558b21

  • SHA1

    c8c998187c1c2f53ff40bc940524c44019d92d12

  • SHA256

    6c0011003944a4796ba34a5e62a93a43770b5514c2dc95ce062fcf7639d73bd8

  • SHA512

    6c727cdb9dbb0d25f00111c0e0df2c2ee2cb912ce26dc5efd6fbaeb0b5fdc26d9b59a76de70513af8da345583175ffec87502f9856477fe84330ec7c0c272b7c

  • SSDEEP

    1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqAeT4yWF/TL6zX3w:FW+1oS4l5OeuQdrmwvL8EqgyY3Enw

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ and used primarily to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
