General
Target: 855fddfd3c7087e79b7732b170fad1240d4282612ddb6ff93957e82c4cded621N
Size: 1.9MB
Sample: 241027-blxqdszldv
MD5: e5c9ec7ac410883b375faaf4f42f8190
SHA1: 2ca2cda1717b832e43db8616fa5b663e6a82b73e
SHA256: 855fddfd3c7087e79b7732b170fad1240d4282612ddb6ff93957e82c4cded621
SHA512: 69541c3ba65ad5671797b71d9cd80021514f65283102c963e4b4dcaf2a1d6d63f4c4c756c350bf449082ed305bb8c021a02750ed36db598d109398fd43e0e1ea
SSDEEP: 24576:oZ2eR4NPXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4oT:ZlbTChxKCnFnQXBbrtgb/iQvu0UHOL
Static task: static1
Behavioral task: behavioral1
Sample: 855fddfd3c7087e79b7732b170fad1240d4282612ddb6ff93957e82c4cded621N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 855fddfd3c7087e79b7732b170fad1240d4282612ddb6ff93957e82c4cded621N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 855fddfd3c7087e79b7732b170fad1240d4282612ddb6ff93957e82c4cded621N
Score: 10/10
- Andromeda family: Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext