General
Target: 47ec9a321bef5ab0ada5f7fcfd1e2675_JaffaCakes118
Size: 72KB
Sample: 241015-p5ewksvgnb
MD5: 47ec9a321bef5ab0ada5f7fcfd1e2675
SHA1: f6fc57101badfb58cf2fe7386b149d02db0299cc
SHA256: 37209687d86179a21a41a7a1e015980cd0f8ce70acae0a7afbadb7f33a568d3b
SHA512: 847ecec3b803d3370919caf0f84481af604ca14325c897a406c7e93f03bf6c45b5e20a4d60777abf4b540414c5545a603c8913f1a25212cd095b7245a5c3b5ae
SSDEEP: 1536:nng8VI4SlVSdKPGrsl8J4t7VkByg47ZlGVaTuZgHLlHM3d9iBhzMz:nC4xdtslZt8yl6VZyls3dwBdMz
Behavioral task
behavioral1
Sample
47ec9a321bef5ab0ada5f7fcfd1e2675_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-