Overview

overview

5

Static

static

3

Andromeda Builder.exe

windows7-x64

5

Andromeda Builder.exe

windows10-2004-x64

1

Anti vmwar...re.exe

windows7-x64

1

Anti vmwar...re.exe

windows10-2004-x64

1

Panel/index.js

windows7-x64

3

Panel/index.js

windows10-2004-x64

3

Panel/plug...ex.ps1

windows7-x64

3

Panel/plug...ex.ps1

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    8ac33ab4d0e3cbb48e2249746748c155_JaffaCakes118

  • Size

    2.9MB

  • MD5

    8ac33ab4d0e3cbb48e2249746748c155

  • SHA1

    a7aa347c9f1969c06beaf80d7ed3e77231a9c2d0

  • SHA256

    c0c01f0ae0d0845f66b9c3fff4058b3812dc82fe7ab6104e268e148ac2f7a1b6

  • SHA512

    94b9cc3b078f234d75a56f048f32038887b3ed4ebb17039c5a1e23949d3cb46ded6aed4add8e394787e6e478bd1dec00410bc98e8cfd0b213c65556bc37d62ad

  • SSDEEP

    49152:YGO1DiRhx3ZWzYwvBq9No4y/77Or6zwefUcGAJcPRg+jBt19iRbw:1OtOhtMBcMD7Or6zwp5PlBiw

Score
3/10

Malware Config

Signatures

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 8ac33ab4d0e3cbb48e2249746748c155_JaffaCakes118
    .zip

    Password: infected

  • Andromeda Builder.exe
    .exe windows:5 windows x86 arch:x86

    4abc70319c1f8cc5c8e5aabaa495e853


    Headers

    Imports

    Sections

  • Anti vmware/start_me_on_vm_before.exe
    .exe windows:4 windows x86 arch:x86

    5345c415b7874504827119f98f2bfdfd


    Headers

    Imports

    Sections

  • Panel/GeoIPCountryWhois.csv.gz
    .gz
  • GeoIPCountryWhois.csv
  • Panel/back.css
  • Panel/config.php
  • Panel/fg.php
  • Panel/fg_logs/.htaccess
  • Panel/fg_logs/index.php
  • Panel/geo.gif
  • Panel/ifg.php
  • Panel/image.php
  • Panel/index.php
    .js
  • Panel/plugins/.htaccess
  • Panel/plugins/fg/index.php
  • Panel/plugins/fg/link.php
  • Panel/plugins/index.php
  • Panel/plugins/socks4/gate.php
  • Panel/plugins/socks4/index.php
    .ps1
  • Panel/plugins/socks4/link.php
  • Panel/style.css
  • Plugins/f.pack
  • Plugins/r.pack
  • Plugins/s.pack