General
-
Target
704f4764e2b02dbc60e7981807ae07a0_JaffaCakes118
-
Size
184KB
-
Sample
241023-xdmfcawhqr
-
MD5
704f4764e2b02dbc60e7981807ae07a0
-
SHA1
3e06c1ec95afc9e514751a93298b2b46b2403a5e
-
SHA256
4947cb8354d643a15be3138041282690c1106270af7abfa7a643450c7cab4976
-
SHA512
879aad04262853b81b5b7d644701555ed03ed587383695023a7dd9bd8ad3fe627b58c4611af24affd0ab2250a1df67bdfdc5a372d3a4c5aff5335a64dff97af2
-
SSDEEP
3072:xoOdZvqcXGhC96HM0XLpo0fXx1ffobsBegIh2L3pVy7YfRo+NerD1fEX96aemQUd:xoOCqZ+BFobs3u2LZDNqh896aeyJRlvr
Static task
static1
Behavioral task
behavioral1
Sample
704f4764e2b02dbc60e7981807ae07a0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
704f4764e2b02dbc60e7981807ae07a0_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
704f4764e2b02dbc60e7981807ae07a0_JaffaCakes118
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-