General
-
Target
JaffaCakes118_24ce31bfe0833fdd983f1d8774810990
-
Size
217KB
-
Sample
250226-kr5gvssp14
-
MD5
24ce31bfe0833fdd983f1d8774810990
-
SHA1
2aad718bea768550272139e452f85522ec8dd1ae
-
SHA256
c5c7c17bf65757c40b1a470c760e53e3532f53759c63c58f560d4366a531c74b
-
SHA512
775c303567e7b1ee0c6cf92ec42984078d0bc3087f6b027e871517b9d14efb36bf00ce5dd86ca8e2a9df6d29240649e05b5ec13b688570350cb2052c5acac47e
-
SSDEEP
6144:/14RzUNsYN1B9nX9Ud9HedlT4RYWevQ7pptz9xsfLMmocyYl45aD4fP0Y5kFzgFo:/8zCsYBcDC
Malware Config
Targets
-
-
Target
JaffaCakes118_24ce31bfe0833fdd983f1d8774810990
-
Size
217KB
-
MD5
24ce31bfe0833fdd983f1d8774810990
-
SHA1
2aad718bea768550272139e452f85522ec8dd1ae
-
SHA256
c5c7c17bf65757c40b1a470c760e53e3532f53759c63c58f560d4366a531c74b
-
SHA512
775c303567e7b1ee0c6cf92ec42984078d0bc3087f6b027e871517b9d14efb36bf00ce5dd86ca8e2a9df6d29240649e05b5ec13b688570350cb2052c5acac47e
-
SSDEEP
6144:/14RzUNsYN1B9nX9Ud9HedlT4RYWevQ7pptz9xsfLMmocyYl45aD4fP0Y5kFzgFo:/8zCsYBcDC
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-