General
-
Target
JaffaCakes118_221ac4820da2a641df7320694a45a0b2
-
Size
62KB
-
Sample
250225-f4byvsylx5
-
MD5
221ac4820da2a641df7320694a45a0b2
-
SHA1
7285e22ac85a76d4f9a00d2e9792b5514bc33373
-
SHA256
8cab1f109a9479a53a66e93574f43faf6adb177057a996d95f35f4e14dc46dc3
-
SHA512
f0ffa696795d8fb6eeb360824f029cca8e5d7ae0467f6699b6c3a43b9a8b79a39d9a9f252a93eaad9784176a5ebc591d4941ea8fc4ac6df0789346eb781449e6
-
SSDEEP
1536:uDf4CJtC2+bVZc6wFmzm0GjGkHMRcD5sbZE2ojTEtxe2:of4CtZ6N6LGaMS5cdqTEtxe2
Malware Config
Targets
-
-
Target
JaffaCakes118_221ac4820da2a641df7320694a45a0b2
-
Size
62KB
-
MD5
221ac4820da2a641df7320694a45a0b2
-
SHA1
7285e22ac85a76d4f9a00d2e9792b5514bc33373
-
SHA256
8cab1f109a9479a53a66e93574f43faf6adb177057a996d95f35f4e14dc46dc3
-
SHA512
f0ffa696795d8fb6eeb360824f029cca8e5d7ae0467f6699b6c3a43b9a8b79a39d9a9f252a93eaad9784176a5ebc591d4941ea8fc4ac6df0789346eb781449e6
-
SSDEEP
1536:uDf4CJtC2+bVZc6wFmzm0GjGkHMRcD5sbZE2ojTEtxe2:of4CtZ6N6LGaMS5cdqTEtxe2
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-