General
-
Target
997d5dff0f6dc8eef9fe73e8c9b304a4_JaffaCakes118
-
Size
43KB
-
Sample
241125-f5nzta1khs
-
MD5
997d5dff0f6dc8eef9fe73e8c9b304a4
-
SHA1
a3ae667ba401fb24e094ce24c1c07a2daab263b9
-
SHA256
f54dfdb4bc70b28055e814f2ed52dd4bf88749ae613f284fdfc8f82c8050de28
-
SHA512
c1666011ee8a9b476fcd03236e6faecf0d597f6000ac4deb00347c3b8d659a5d9a49a4f273efb4eaaea1dd0c84348ccad158ae6ebe13d73631d58126dee8eaa5
-
SSDEEP
768:Iu/ShQRNKEhSRiiISoPi1ICplUGyzAKfF1KJ/Dqz9Dq6DqkZDqd+LdD2:6iKEhSZIhWldgt1oDqRDq6Dq4DqdC52
Malware Config
Targets
-
-
Target
997d5dff0f6dc8eef9fe73e8c9b304a4_JaffaCakes118
-
Size
43KB
-
MD5
997d5dff0f6dc8eef9fe73e8c9b304a4
-
SHA1
a3ae667ba401fb24e094ce24c1c07a2daab263b9
-
SHA256
f54dfdb4bc70b28055e814f2ed52dd4bf88749ae613f284fdfc8f82c8050de28
-
SHA512
c1666011ee8a9b476fcd03236e6faecf0d597f6000ac4deb00347c3b8d659a5d9a49a4f273efb4eaaea1dd0c84348ccad158ae6ebe13d73631d58126dee8eaa5
-
SSDEEP
768:Iu/ShQRNKEhSRiiISoPi1ICplUGyzAKfF1KJ/Dqz9Dq6DqkZDqd+LdD2:6iKEhSZIhWldgt1oDqRDq6Dq4DqdC52
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-