General
-
Target
873598722e35e3b190cbe77432bb7081_JaffaCakes118
-
Size
375KB
-
Sample
241102-xyxf2stbkm
-
MD5
873598722e35e3b190cbe77432bb7081
-
SHA1
e8b3d480e8c75e508974efbfaee852a79a0f2e7b
-
SHA256
c7a79d4299d4d340f61ae69d5e5b89ae21868dd84aeef244ca290f7af34b5e6e
-
SHA512
67857b564d72fce7f6413e3e316d9e683f353e96a5672177a33094bd09d7f06aab6ddbddade2074c8ea4f88c2318ecf66cdd1fcccbf6f5a42ecd2c79c7afcaa9
-
SSDEEP
6144:6h3F6GxC/nDT9YHifHFr3nw5wn6FSxsYk62Ss9MnkTwfy:6hV6GxaVzH5601k9MnkTwf
Malware Config
Targets
-
-
Target
873598722e35e3b190cbe77432bb7081_JaffaCakes118
-
Size
375KB
-
MD5
873598722e35e3b190cbe77432bb7081
-
SHA1
e8b3d480e8c75e508974efbfaee852a79a0f2e7b
-
SHA256
c7a79d4299d4d340f61ae69d5e5b89ae21868dd84aeef244ca290f7af34b5e6e
-
SHA512
67857b564d72fce7f6413e3e316d9e683f353e96a5672177a33094bd09d7f06aab6ddbddade2074c8ea4f88c2318ecf66cdd1fcccbf6f5a42ecd2c79c7afcaa9
-
SSDEEP
6144:6h3F6GxC/nDT9YHifHFr3nw5wn6FSxsYk62Ss9MnkTwfy:6hV6GxaVzH5601k9MnkTwf
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-