{
	"id": "18bac25a-5c5e-48de-a108-ed16f62ccf40",
	"created_at": "2026-04-06T00:06:16.336907Z",
	"updated_at": "2026-04-10T13:12:35.169274Z",
	"deleted_at": null,
	"sha1_hash": "46ce4a6c3f692291ac4be1171d44c5b2947c1452",
	"title": "AndroMut (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28991,
	"plain_text": "AndroMut (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-02 12:46:03 UTC\r\nAccording to Proofpoint, AndroMut is a new downloader malware written in C++ that Proofpoint researchers\r\nbegan observing in the wild in June 2019. The “Andro” part of the name comes from some of the pieces which\r\nbear resemblance to another downloader malware known as Andromeda [1] and “Mut” is based off a mutex that\r\nthe analyzed sample creates: “mutshellmy777”.\r\n[TLP:WHITE] win_andromut_auto (20251219 | Detects win.andromut.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.andromut\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.andromut\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.andromut"
	],
	"report_names": [
		"win.andromut"
	],
	"threat_actors": [],
	"ts_created_at": 1775433976,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/46ce4a6c3f692291ac4be1171d44c5b2947c1452.pdf",
		"text": "https://archive.orkl.eu/46ce4a6c3f692291ac4be1171d44c5b2947c1452.txt",
		"img": "https://archive.orkl.eu/46ce4a6c3f692291ac4be1171d44c5b2947c1452.jpg"
	}
}