General
-
Target
dcbe20b26be818c4dd17cfcc9f77b141335922ce83015ba325bc568a0f5f04ecN.exe
-
Size
62KB
-
Sample
241127-rly68awrcz
-
MD5
60df716ffbf9f20f8e9ee751ddc09460
-
SHA1
e5358364fe0708a41844ede1a36f6fcc9a8f3690
-
SHA256
dcbe20b26be818c4dd17cfcc9f77b141335922ce83015ba325bc568a0f5f04ec
-
SHA512
a51c481087519f3396bb9c17193fbc994f51c4417821474a5d5cb7a43146dec19a79de5e07d938585e2fcb64446b13559e0a9f9a92bc26f7ddf39fd297de1b0f
-
SSDEEP
768:8ZYOGJ8z39m6odrD2ydQtaCGvRDvqguFjI3LOLisuIPcH9e3FEx8EFK4AVSi0WCu:83t2dGanvsh2ki4PQeVEKE38TCNMBMpG
Static task
static1
Behavioral task
behavioral1
Sample
dcbe20b26be818c4dd17cfcc9f77b141335922ce83015ba325bc568a0f5f04ecN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dcbe20b26be818c4dd17cfcc9f77b141335922ce83015ba325bc568a0f5f04ecN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
dcbe20b26be818c4dd17cfcc9f77b141335922ce83015ba325bc568a0f5f04ecN.exe
-
Score
10/10
-
Andromeda family
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-