General
- Target: JaffaCakes118_415c1886234cc417960c2eee3a3c7800
- Size: 80KB
- Sample: 250302-vawthayq15
- MD5: 415c1886234cc417960c2eee3a3c7800
- SHA1: 5d4d6f9633f74d952b5a3adcba58de35e232f197
- SHA256: 240c1c2bd904303aaa436231aa43b84da3ba5d21a854c7bc5ebc32359ae14941
- SHA512: caffc27abf4e4cb32cf4db6240c2164dd91838c3f31738faeb72bfbb4fc477d9b9cdacacfef062637f25cb5d41d3169f4d95dd09c4c4494d4b12b31e2fa5e12d
- SSDEEP: 1536:y6qgh1+UcqDfR6ezz3k0RX8p8eJXcEhxUNi3I+ZIwNJ:y6q8+XyztX8phJXcEINbw3
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_415c1886234cc417960c2eee3a3c7800.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_415c1886234cc417960c2eee3a3c7800.exe
- Resource: win10v2004-20250217-en
Malware Config
Targets
- Target: JaffaCakes118_415c1886234cc417960c2eee3a3c7800
- Score: 10/10
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext