General
-
Target
2aafaff9ceb013dc68b5f22333c5f0bb2935dd49da8dae6b7a71c3fcf1de6d28.exe
-
Size
62KB
-
Sample
241201-xq3m4atlcp
-
MD5
1b1ff5aa0d57cd76901edc24c218f254
-
SHA1
5e40715bbe59cda3124d89862eba0696f3f435c4
-
SHA256
2aafaff9ceb013dc68b5f22333c5f0bb2935dd49da8dae6b7a71c3fcf1de6d28
-
SHA512
de8f1ab3cd051705cd461c2b3ff479ae3dbfd340916675292e1b180ed6891d01c64887fa655b8fc680957c7fadf77af10c7da4ee56cb3563587f8df520f78e89
-
SSDEEP
768:8ZYOGJ8z39m6odrD2ydQtaCGvRDvqguFjI3LOLisuIPcH9e3FEx8EFK4AVSi0WCT:83t2dGanvsh2ki4PQeVEKE38TCNMBMpr
Malware Config
Targets
-
-
Target
2aafaff9ceb013dc68b5f22333c5f0bb2935dd49da8dae6b7a71c3fcf1de6d28.exe
-
Size
62KB
-
MD5
1b1ff5aa0d57cd76901edc24c218f254
-
SHA1
5e40715bbe59cda3124d89862eba0696f3f435c4
-
SHA256
2aafaff9ceb013dc68b5f22333c5f0bb2935dd49da8dae6b7a71c3fcf1de6d28
-
SHA512
de8f1ab3cd051705cd461c2b3ff479ae3dbfd340916675292e1b180ed6891d01c64887fa655b8fc680957c7fadf77af10c7da4ee56cb3563587f8df520f78e89
-
SSDEEP
768:8ZYOGJ8z39m6odrD2ydQtaCGvRDvqguFjI3LOLisuIPcH9e3FEx8EFK4AVSi0WCT:83t2dGanvsh2ki4PQeVEKE38TCNMBMpr
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-