General
Target: c599ab9b9d364fad140dfa520a24d704_JaffaCakes118
Size: 42KB
Sample: 241205-dk3w5avqhy
MD5: c599ab9b9d364fad140dfa520a24d704
SHA1: c8b9e68c7962e0d5b6a37b4fabfa00290db87172
SHA256: f74fae9b73620a3d4326e8f856aef7cc0693e8875c76282dfc58017f74438799
SHA512: a56d5e2d49a1918c9f7f73618fb04e0c9995361d821d43091fb8a55a7a2c9d84e5d5594933dbadd3d59e9ba2813636cce963168d7243c5c2b618c2828e1bccc9
SSDEEP: 768:P/2Ofs2HtrzzXrDGerrrrrrrrrrrrrrrrrrrrrrrrrr3CRvkrrrrrrhrrrrrrrrG:PTsyrzzXrDGerrrrrrrrrrrrrrrrrrri
Static task: static1
Behavioral task: behavioral1
  Sample: c599ab9b9d364fad140dfa520a24d704_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: c599ab9b9d364fad140dfa520a24d704_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext