General
-
Target
87450a11d6ac1571d99a5d9600adabe7_JaffaCakes118
-
Size
39KB
-
Sample
241102-x6yn3swleq
-
MD5
87450a11d6ac1571d99a5d9600adabe7
-
SHA1
c8de11c8f2ffc47e15da8e005b639c9381740898
-
SHA256
e4214dacb5821bb048c08740910386cacb52383aa6401b145fa3d5dcd4414c5a
-
SHA512
ea5676fe5bc8dd1e12c57d78e4b5575f22b1fcab501083b985510b09cd87bdf5374f0a889c8f6efb31afba9a2250eff2faef4793878a636c4b60009484441962
-
SSDEEP
384:LNNA3O9wJDK9U+aUAZEYmRhPblQr2EReekRCcTtZ6cd1wcLEknpC4COuRa+Rdrp0:wUwJnhbmXblQr98Cu1bZLwYM4J
Malware Config
Targets
-
-
Target
87450a11d6ac1571d99a5d9600adabe7_JaffaCakes118
-
Size
39KB
-
MD5
87450a11d6ac1571d99a5d9600adabe7
-
SHA1
c8de11c8f2ffc47e15da8e005b639c9381740898
-
SHA256
e4214dacb5821bb048c08740910386cacb52383aa6401b145fa3d5dcd4414c5a
-
SHA512
ea5676fe5bc8dd1e12c57d78e4b5575f22b1fcab501083b985510b09cd87bdf5374f0a889c8f6efb31afba9a2250eff2faef4793878a636c4b60009484441962
-
SSDEEP
384:LNNA3O9wJDK9U+aUAZEYmRhPblQr2EReekRCcTtZ6cd1wcLEknpC4COuRa+Rdrp0:wUwJnhbmXblQr98Cu1bZLwYM4J
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-