General
-
Target
JaffaCakes118_501de7a3c3fcf49ae679e0e1a4647954
-
Size
130KB
-
Sample
250305-c19tyawnx2
-
MD5
501de7a3c3fcf49ae679e0e1a4647954
-
SHA1
b397a8511cca6bd06120d358332e9ac9811c1b3a
-
SHA256
dcd652ab491333fa7a1629c42b4828ee00d748019dad1e1cc27015ad617e3386
-
SHA512
a13664487a760ee766901f9273178384c780420a856e849a50df678bd62a302ef03bcc15c06ead6555e349eb5e7a7d5989003b9ec04f9a6403145c5495dcbcad
-
SSDEEP
768:63wD8nDo85dItyQtF/5tkblGrMfNb4ptxdFghB:vwDZUyQ3Bi5GrMfCbHQB
Malware Config
Targets
-
-
Target
JaffaCakes118_501de7a3c3fcf49ae679e0e1a4647954
-
Size
130KB
-
MD5
501de7a3c3fcf49ae679e0e1a4647954
-
SHA1
b397a8511cca6bd06120d358332e9ac9811c1b3a
-
SHA256
dcd652ab491333fa7a1629c42b4828ee00d748019dad1e1cc27015ad617e3386
-
SHA512
a13664487a760ee766901f9273178384c780420a856e849a50df678bd62a302ef03bcc15c06ead6555e349eb5e7a7d5989003b9ec04f9a6403145c5495dcbcad
-
SSDEEP
768:63wD8nDo85dItyQtF/5tkblGrMfNb4ptxdFghB:vwDZUyQ3Bi5GrMfCbHQB
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-