General
-
Target
bd70b05c75fc137b6c84fbcb2a921e68_JaffaCakes118
-
Size
63KB
-
Sample
241203-pwm6la1mck
-
MD5
bd70b05c75fc137b6c84fbcb2a921e68
-
SHA1
2593b017943106798fe96be53cda3d4b46c06c15
-
SHA256
dfd1bfd62b74559f3ae53c1f7c7a299efbfcb8feb6a76cd235eb339516273140
-
SHA512
53511fa40af9c404cf8f86dd48d6e67b19172251b7e50185cb935689f67779e272dd2d1ed33a38d20d1b258812f0e8687884d17772f288f99ee5a01734320273
-
SSDEEP
1536:pXTCimHm89e26XhSPJ2qZwm0ZnrZIhFo8g6LNuGsJ4rOG:pXTjmHp9UQBGmCdklg6xuGsJ47
Malware Config
Targets
-
-
Target
bd70b05c75fc137b6c84fbcb2a921e68_JaffaCakes118
-
Size
63KB
-
MD5
bd70b05c75fc137b6c84fbcb2a921e68
-
SHA1
2593b017943106798fe96be53cda3d4b46c06c15
-
SHA256
dfd1bfd62b74559f3ae53c1f7c7a299efbfcb8feb6a76cd235eb339516273140
-
SHA512
53511fa40af9c404cf8f86dd48d6e67b19172251b7e50185cb935689f67779e272dd2d1ed33a38d20d1b258812f0e8687884d17772f288f99ee5a01734320273
-
SSDEEP
1536:pXTCimHm89e26XhSPJ2qZwm0ZnrZIhFo8g6LNuGsJ4rOG:pXTjmHp9UQBGmCdklg6xuGsJ47
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-