General
-
Target
cb204f3f12a90869cab1d759bda48735_JaffaCakes118
-
Size
51KB
-
Sample
241206-ffn9aawrhl
-
MD5
cb204f3f12a90869cab1d759bda48735
-
SHA1
6da491505d464d6ff64536c92d11af5a84c01acc
-
SHA256
ec9a4fd9024138a01b5916556970c12ec37eb2009da6cbc1a86d9668163803e4
-
SHA512
b0c64367f9cc5b85f4127ea96ab8033b72b1a9aba14d1b71fb4d87466281db59b580a5f981faabbc3fc36241c68b49127db58cdef187975b1e74e02031510fa8
-
SSDEEP
1536:+8bfnPuS8Hsl31mg8AV9svsYf+WH+QQ2rm:FfnPuSTpIg8YsEFWH1Qmm
Malware Config
Targets
-
-
Target
cb204f3f12a90869cab1d759bda48735_JaffaCakes118
-
Size
51KB
-
MD5
cb204f3f12a90869cab1d759bda48735
-
SHA1
6da491505d464d6ff64536c92d11af5a84c01acc
-
SHA256
ec9a4fd9024138a01b5916556970c12ec37eb2009da6cbc1a86d9668163803e4
-
SHA512
b0c64367f9cc5b85f4127ea96ab8033b72b1a9aba14d1b71fb4d87466281db59b580a5f981faabbc3fc36241c68b49127db58cdef187975b1e74e02031510fa8
-
SSDEEP
1536:+8bfnPuS8Hsl31mg8AV9svsYf+WH+QQ2rm:FfnPuSTpIg8YsEFWH1Qmm
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-