General
-
Target
451a3627ab9bf9f88261c29a62ec523f0bacb093e8d6c07c221b14df95ce6547N
-
Size
88KB
-
Sample
241110-j758natajj
-
MD5
7dbc7d98f3a7392ea418dd7cdee549c0
-
SHA1
8050656fc3829b1014b53cab07ec5418d316a558
-
SHA256
451a3627ab9bf9f88261c29a62ec523f0bacb093e8d6c07c221b14df95ce6547
-
SHA512
5bfeccb890dd4f3a189a0daa223b408362148be87e8703d2f4a559b2ec24e75b55b41b8df155450f27bde83001b5631612269e9901d433b625f8af513ed464ba
-
SSDEEP
1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEd:6D0ctAVA/bmxIMnoKjyR/Nd
Malware Config
Targets
-
-
Target
451a3627ab9bf9f88261c29a62ec523f0bacb093e8d6c07c221b14df95ce6547N
-
Size
88KB
-
MD5
7dbc7d98f3a7392ea418dd7cdee549c0
-
SHA1
8050656fc3829b1014b53cab07ec5418d316a558
-
SHA256
451a3627ab9bf9f88261c29a62ec523f0bacb093e8d6c07c221b14df95ce6547
-
SHA512
5bfeccb890dd4f3a189a0daa223b408362148be87e8703d2f4a559b2ec24e75b55b41b8df155450f27bde83001b5631612269e9901d433b625f8af513ed464ba
-
SSDEEP
1536:t5piVnDXkTbhCtaB6GVA/bVQPxfgiqfoOonoKg+yOH5y/yEd:6D0ctAVA/bmxIMnoKjyR/Nd
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-