General
-
Target
8da240f8b9ae8f85913d31027afa5b2c_JaffaCakes118
-
Size
13KB
-
Sample
241103-1jr5kavfqa
-
MD5
8da240f8b9ae8f85913d31027afa5b2c
-
SHA1
0de82d1f655c00f0de6dca2eae2b5abcf5cf67ba
-
SHA256
de98f29cf48539cbf8102a56d0e475ea46764efadffdac1815f803abc395ccc5
-
SHA512
6ff5f06f0037e1246221efd85bc82e1b0a1ec5fe637b3acad4609fd125f7646e7021548e67b77699049b39e0eaf0cdcca143ff9c9b0137b303d547fa29160d8c
-
SSDEEP
384:ILOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FYu:JSagh0Qu1UkKE7AF
Malware Config
Targets
-
-
Target
8da240f8b9ae8f85913d31027afa5b2c_JaffaCakes118
-
Size
13KB
-
MD5
8da240f8b9ae8f85913d31027afa5b2c
-
SHA1
0de82d1f655c00f0de6dca2eae2b5abcf5cf67ba
-
SHA256
de98f29cf48539cbf8102a56d0e475ea46764efadffdac1815f803abc395ccc5
-
SHA512
6ff5f06f0037e1246221efd85bc82e1b0a1ec5fe637b3acad4609fd125f7646e7021548e67b77699049b39e0eaf0cdcca143ff9c9b0137b303d547fa29160d8c
-
SSDEEP
384:ILOTSoMaHAhzQYVu1TY7gKJEmizmzCaF1FYu:JSagh0Qu1UkKE7AF
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-