General
-
Target
4cd32cff47c86236311c754276e707316e2b7bf20fba92f07ce03d22cb5a83a1N.exe
-
Size
106KB
-
Sample
241202-gbbm3axlek
-
MD5
86647a3128eb25c061b739a86cc627e0
-
SHA1
2d90c5d68bc5ce5740296d6b550e28ed3aa551ae
-
SHA256
4cd32cff47c86236311c754276e707316e2b7bf20fba92f07ce03d22cb5a83a1
-
SHA512
7097eb7506b1e3d189cee3159f40ce6250f1e449fb88b645a8122118f3ec266ecb291d9a9942865d5e2aa9d9eb50329260dc20f476a7f8e67c7d254bad0c3346
-
SSDEEP
1536:7SG9RdzoS5W0tu7mHY0J6V3wdyLpiJGVEP9ywlXB:eaVoS5jTY9AdyLQ7
Malware Config
Targets
-
-
Target
4cd32cff47c86236311c754276e707316e2b7bf20fba92f07ce03d22cb5a83a1N.exe
-
Size
106KB
-
MD5
86647a3128eb25c061b739a86cc627e0
-
SHA1
2d90c5d68bc5ce5740296d6b550e28ed3aa551ae
-
SHA256
4cd32cff47c86236311c754276e707316e2b7bf20fba92f07ce03d22cb5a83a1
-
SHA512
7097eb7506b1e3d189cee3159f40ce6250f1e449fb88b645a8122118f3ec266ecb291d9a9942865d5e2aa9d9eb50329260dc20f476a7f8e67c7d254bad0c3346
-
SSDEEP
1536:7SG9RdzoS5W0tu7mHY0J6V3wdyLpiJGVEP9ywlXB:eaVoS5jTY9AdyLQ7
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-