General
-
Target
06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
-
Size
335KB
-
Sample
241104-g57btswfnn
-
MD5
114551a87fa332a243fc05b7246309b9
-
SHA1
3596aaec2e1703545b104f74b14998cf90123952
-
SHA256
06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
-
SHA512
1641c0cab72f4a91c1e0503c4a6153385a79c3632550317dfbb0c4f5fcc85806c94f67d6a93a455988751046d691786c42476e7d04745686337cfa2917f7cf1c
-
SSDEEP
6144:xcwi2YsHZR/E6OmbMponng0qbExZ18cbVctta0xBGIqYR9J:Owi2vR/E6XQpong0qbEPc60xBGIHPJ
Malware Config
Targets
-
-
Target
06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
-
Size
335KB
-
MD5
114551a87fa332a243fc05b7246309b9
-
SHA1
3596aaec2e1703545b104f74b14998cf90123952
-
SHA256
06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515
-
SHA512
1641c0cab72f4a91c1e0503c4a6153385a79c3632550317dfbb0c4f5fcc85806c94f67d6a93a455988751046d691786c42476e7d04745686337cfa2917f7cf1c
-
SSDEEP
6144:xcwi2YsHZR/E6OmbMponng0qbExZ18cbVctta0xBGIqYR9J:Owi2vR/E6XQpong0qbEPc60xBGIHPJ
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-