General
Target: 9b54e6860c023f9a3a2c53d11324da7d_JaffaCakes118
Size: 35KB
Sample: 241125-n48ltsvqgy
MD5: 9b54e6860c023f9a3a2c53d11324da7d
SHA1: aca9874394e275035af1a2d01fda3714a1c4ead9
SHA256: 92d1c63408fbffecc785ad7c88e22947ff0fca3cbd64f28b334c817cc55f1f5c
SHA512: 8bb8ea8d3045847c2b0b7c6c6b592abe5f3c93a731d0b2c307d5c5ec99174d1d78454b7c3ddeae92e5486f5ef4c0402c057eca97591a62430af8a2450f3ceef5
SSDEEP: 384:V04Vfdj9JT9uxRgZGz0glhPuDWWx3fZgSEgng7a4k9s4qVCbB2oDVOvR3Cv0ofGG:9dfTIvGgSEd7/sJ0OBdZ6G0H7C
Static task: static1
Behavioral task: behavioral1
Sample: 9b54e6860c023f9a3a2c53d11324da7d_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 9b54e6860c023f9a3a2c53d11324da7d_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 9b54e6860c023f9a3a2c53d11324da7d_JaffaCakes118
Score: 10/10
Andromeda family: Detects Andromeda payload.
Adds policy Run key to start application
Deletes itself
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.