General
-
Target
42dc5c8f7cf2277e3affbdab36c3a983_JaffaCakes118
-
Size
45KB
-
Sample
241014-swlvbawblq
-
MD5
42dc5c8f7cf2277e3affbdab36c3a983
-
SHA1
558135f27f1d93c8907c897844b29b5a8edca2b4
-
SHA256
e498195cd0feefc6ac2af862d93a78aa7087f352ef1d5b6e4d0be958a20ec5c3
-
SHA512
ff7eb1f9beffdb02157db882c23edaec6c052a8cf929a8afc5afeb6b8b9d9cb8ed0d669aef2b802248e34a0ef76654c168c668f1b14cf7eec7cc1584920b26ea
-
SSDEEP
768:WYVCvPjRcEL9Ww/HisTfos3X8ZsRJQFEos:LStRWw/HisT13XdRK
Malware Config
Targets
-
-
Target
42dc5c8f7cf2277e3affbdab36c3a983_JaffaCakes118
-
Size
45KB
-
MD5
42dc5c8f7cf2277e3affbdab36c3a983
-
SHA1
558135f27f1d93c8907c897844b29b5a8edca2b4
-
SHA256
e498195cd0feefc6ac2af862d93a78aa7087f352ef1d5b6e4d0be958a20ec5c3
-
SHA512
ff7eb1f9beffdb02157db882c23edaec6c052a8cf929a8afc5afeb6b8b9d9cb8ed0d669aef2b802248e34a0ef76654c168c668f1b14cf7eec7cc1584920b26ea
-
SSDEEP
768:WYVCvPjRcEL9Ww/HisTfos3X8ZsRJQFEos:LStRWw/HisT13XdRK
Score10/10-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-