General
-
Target
b011f80f86d655460b74482506ca53f5_JaffaCakes118
-
Size
833KB
-
Sample
241129-kjk39awjf1
-
MD5
b011f80f86d655460b74482506ca53f5
-
SHA1
ec56ada0570ec71ca0fe7fe27587cff040ba99c0
-
SHA256
0461dc2b1fa200c6f1ec4b302f8c5f128f82bab754d8d461e20e494c2015dc8c
-
SHA512
e9cdce5edfc2596b87c4eaf278e841f041be78203c8a34c6e44fa17cf855231a5be17a570ecda25901e251f074e891bbfae916b6629e3d5bedfd52b949172620
-
SSDEEP
24576:kRmJkcoQricOIQxiZY1WNi/NvDAFEeEMuoKq5/Bb:hJZoQrbTFZY1WNiZEWeEMbhB
Malware Config
Targets
-
-
Target
b011f80f86d655460b74482506ca53f5_JaffaCakes118
-
Size
833KB
-
MD5
b011f80f86d655460b74482506ca53f5
-
SHA1
ec56ada0570ec71ca0fe7fe27587cff040ba99c0
-
SHA256
0461dc2b1fa200c6f1ec4b302f8c5f128f82bab754d8d461e20e494c2015dc8c
-
SHA512
e9cdce5edfc2596b87c4eaf278e841f041be78203c8a34c6e44fa17cf855231a5be17a570ecda25901e251f074e891bbfae916b6629e3d5bedfd52b949172620
-
SSDEEP
24576:kRmJkcoQricOIQxiZY1WNi/NvDAFEeEMuoKq5/Bb:hJZoQrbTFZY1WNiZEWeEMbhB
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-