General
-
Target
JaffaCakes118_3412ee84c9f07faacbba2163afac4447
-
Size
42KB
-
Sample
250228-ycjthavybz
-
MD5
3412ee84c9f07faacbba2163afac4447
-
SHA1
19f4840861f661cac97aa3526bd1082eed34f0ee
-
SHA256
dc6195393a8cc9fc6920e7d94f0369af6a4317afe9f03532f3c2378096bbd4b3
-
SHA512
311fa287d8ccec86df0ca92416246211c31479a3e93a7cad854f3e72ce1d983d5c2e87ab84c0d596d27f27e15102f9f00c99a7de92d3f8f98c49995acad66219
-
SSDEEP
384:J0mZSxymG6FAYTNdQrWM2N5vjy2uM4O4s:vSEmTFANWM2NZUE
Malware Config
Targets
-
-
Target
JaffaCakes118_3412ee84c9f07faacbba2163afac4447
-
Size
42KB
-
MD5
3412ee84c9f07faacbba2163afac4447
-
SHA1
19f4840861f661cac97aa3526bd1082eed34f0ee
-
SHA256
dc6195393a8cc9fc6920e7d94f0369af6a4317afe9f03532f3c2378096bbd4b3
-
SHA512
311fa287d8ccec86df0ca92416246211c31479a3e93a7cad854f3e72ce1d983d5c2e87ab84c0d596d27f27e15102f9f00c99a7de92d3f8f98c49995acad66219
-
SSDEEP
384:J0mZSxymG6FAYTNdQrWM2N5vjy2uM4O4s:vSEmTFANWM2NZUE
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-