General
-
Target
JaffaCakes118_3e4ce0ac61692035dd1a340bdbf58550
-
Size
102KB
-
Sample
250302-gmf2xsxjy5
-
MD5
3e4ce0ac61692035dd1a340bdbf58550
-
SHA1
825e0eb83d7177b3dacd35ed3bf09bd95606226f
-
SHA256
9c1ea511005895e3b3a5991dabc2c41630a4c78791160406b23a7ba1b484febe
-
SHA512
14822276c59edbdd3b738777b55c8f7c5ae954b84c214673c21a8778762664c38454d713de567af0e489223195c1d1c492f27848355eec15adf603b4c593874d
-
SSDEEP
768:1U3YOKhv05tblSEQbSY2S0uHFD5DlDDSis/IGCSml7phARzFqCLikJt1ZNP6N6U1:I3KkIb3LrBDD9Hr5A9gOdtR60UrKA42
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_3e4ce0ac61692035dd1a340bdbf58550.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_3e4ce0ac61692035dd1a340bdbf58550.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
JaffaCakes118_3e4ce0ac61692035dd1a340bdbf58550
-
Score
10/10
-
Andromeda family
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-