General
-
Target
b131be44446dbef2992251a6a599c650_JaffaCakes118
-
Size
63KB
-
Sample
240820-2y8ars1hlm
-
MD5
b131be44446dbef2992251a6a599c650
-
SHA1
9396ebf192f207b4ee8a3858e5ca2d14122d55eb
-
SHA256
1c49af854e0f27bfcdde7ce4ec86d8924a4d2a42663446da128006e14c2176b9
-
SHA512
6be707621be95a9847344c60dc67006d97601729d8af8e4a8498e6c7c783133ede82441df48e7452544e0b042bb1dd9473227f825ec856efbea27e60fec7f698
-
SSDEEP
1536:GjWl5CR3PqmDuegzUF/Bic+gwGzBzQamITXCJthsTYVp5ruKwqKMfZD0HN4vQd4M:G25CJPqmDueFygwKMa3TXCJthsK5ruld
Malware Config
Targets
-
-
Target
b131be44446dbef2992251a6a599c650_JaffaCakes118
-
Size
63KB
-
MD5
b131be44446dbef2992251a6a599c650
-
SHA1
9396ebf192f207b4ee8a3858e5ca2d14122d55eb
-
SHA256
1c49af854e0f27bfcdde7ce4ec86d8924a4d2a42663446da128006e14c2176b9
-
SHA512
6be707621be95a9847344c60dc67006d97601729d8af8e4a8498e6c7c783133ede82441df48e7452544e0b042bb1dd9473227f825ec856efbea27e60fec7f698
-
SSDEEP
1536:GjWl5CR3PqmDuegzUF/Bic+gwGzBzQamITXCJthsTYVp5ruKwqKMfZD0HN4vQd4M:G25CJPqmDueFygwKMa3TXCJthsK5ruld
Score10/10-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-