General
-
Target
97ffe386c08fead68d83d965264e9c78_JaffaCakes118
-
Size
39KB
-
Sample
241125-acemsasraq
-
MD5
97ffe386c08fead68d83d965264e9c78
-
SHA1
229b122831cb27197c81cbcd07d3e68b4373cb28
-
SHA256
b49685f362b104ac7c2e0b5ff8d83f6cccc99e29d1575ee8796c31b7858ae910
-
SHA512
82f277c863f6e80d1bf2621b43f22655d8b557710150d4263c238dbdc2cae60d6d71d3e7a162739fea858cb60b73ade21432bc9aca8304ae4efaa3903517f680
-
SSDEEP
384:xNOaOwImAFEC9r/H04lnTXZUikSnm/UHNeCcTtZ6cd1wcLE19npC4COuRa+Rdrpy:+wkFR9rv08TZU6NeCu1bGLwYM4/
Malware Config
Targets
-
-
Target
97ffe386c08fead68d83d965264e9c78_JaffaCakes118
-
Size
39KB
-
MD5
97ffe386c08fead68d83d965264e9c78
-
SHA1
229b122831cb27197c81cbcd07d3e68b4373cb28
-
SHA256
b49685f362b104ac7c2e0b5ff8d83f6cccc99e29d1575ee8796c31b7858ae910
-
SHA512
82f277c863f6e80d1bf2621b43f22655d8b557710150d4263c238dbdc2cae60d6d71d3e7a162739fea858cb60b73ade21432bc9aca8304ae4efaa3903517f680
-
SSDEEP
384:xNOaOwImAFEC9r/H04lnTXZUikSnm/UHNeCcTtZ6cd1wcLE19npC4COuRa+Rdrpy:+wkFR9rv08TZU6NeCu1bGLwYM4/
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-