General
-
Target
JaffaCakes118_237fcf4433db34d76442507f23a297dd
-
Size
92KB
-
Sample
250226-cwywwasly4
-
MD5
237fcf4433db34d76442507f23a297dd
-
SHA1
80093b35184c4b1e39ebfbe536ea149b6c53bd27
-
SHA256
1ca0b014bf39a6292906fe7e3d1a4ffb4176f4f45fcfdc9612b3fe5799079d93
-
SHA512
cf3675f8f3ef72211ea2acc267824737a0556944b68e3492c8053d9049adadabdc148bda33f374423919b53ff095ebd5a9d69c10e7d8bba77536764ae3f0a59a
-
SSDEEP
1536:nej0T00irLVRQSKtGeGE67zLnUbzCSNH+3eD6nrU0CZaEaxxNytby8LJ1kRmniVC:ehhnKA4H+DU0B3rEtBLJOXCcZA29rpol
Malware Config
Targets
-
-
Target
JaffaCakes118_237fcf4433db34d76442507f23a297dd
-
Size
92KB
-
MD5
237fcf4433db34d76442507f23a297dd
-
SHA1
80093b35184c4b1e39ebfbe536ea149b6c53bd27
-
SHA256
1ca0b014bf39a6292906fe7e3d1a4ffb4176f4f45fcfdc9612b3fe5799079d93
-
SHA512
cf3675f8f3ef72211ea2acc267824737a0556944b68e3492c8053d9049adadabdc148bda33f374423919b53ff095ebd5a9d69c10e7d8bba77536764ae3f0a59a
-
SSDEEP
1536:nej0T00irLVRQSKtGeGE67zLnUbzCSNH+3eD6nrU0CZaEaxxNytby8LJ1kRmniVC:ehhnKA4H+DU0B3rEtBLJOXCcZA29rpol
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-