General
Target: JaffaCakes118_23546cf9becb2f1e8e9e276959fc194e
Size: 154KB
Sample: 250226-be3casylw2
MD5: 23546cf9becb2f1e8e9e276959fc194e
SHA1: 67d25bd36fe948b8c815750431236547c490757a
SHA256: c46ac9fb12044a383581ef0a1029c67860012d2137bb1b3163a53976a7094c41
SHA512: b1373f8d60c200089a2fa25176759cfeb06114165e080ed417cb7b36ada5df3ea0b14e7d914f5954317fbfdb54b8ffceb63e1fd9cae34b2c029693eec93103f8
SSDEEP: 3072:pz7gJv8sqT6MM6MMMMMMMMM2kD+ipe9yB8vbk9T7QM65aqHVHN148jd3Aa0k4Poh:pz7aYNyBYA1Y148jd3Aa1X2dc53J
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_23546cf9becb2f1e8e9e276959fc194e.exe
Resource: win7-20250207-en
Behavioral task: behavioral2
Sample: JaffaCakes118_23546cf9becb2f1e8e9e276959fc194e.exe
Resource: win10v2004-20250217-en
Malware Config
Targets
Target: JaffaCakes118_23546cf9becb2f1e8e9e276959fc194e
Score: 10/10
- Andromeda family
  Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext