General
-
Target
JaffaCakes118_51ff08444c74ba64262c405570b9133b
-
Size
88KB
-
Sample
250305-pbq2raxzgv
-
MD5
51ff08444c74ba64262c405570b9133b
-
SHA1
d61387d7f12ff192ad6400114efd85c6b4325965
-
SHA256
321637379782a5fcef8b64ed68d6717c84011625dbd80a71c3d05268c9506b85
-
SHA512
cb922732889ba4431308eaa5f36289b34fe4fa6418f668cf56046c09f18ba866ebc673e6bf30a2319adcfe55465014c3fe2ea22826397667cdbc30618561aa90
-
SSDEEP
1536:hjRJE6bcd9mh48+DL/A1pFCNUIX0kM4xAmam7QGPBndwF8G6k:hFC6bcd9a489oNUIXbM4LbtBKF8G6
Malware Config
Targets
-
-
Target
JaffaCakes118_51ff08444c74ba64262c405570b9133b
-
Size
88KB
-
MD5
51ff08444c74ba64262c405570b9133b
-
SHA1
d61387d7f12ff192ad6400114efd85c6b4325965
-
SHA256
321637379782a5fcef8b64ed68d6717c84011625dbd80a71c3d05268c9506b85
-
SHA512
cb922732889ba4431308eaa5f36289b34fe4fa6418f668cf56046c09f18ba866ebc673e6bf30a2319adcfe55465014c3fe2ea22826397667cdbc30618561aa90
-
SSDEEP
1536:hjRJE6bcd9mh48+DL/A1pFCNUIX0kM4xAmam7QGPBndwF8G6k:hFC6bcd9a489oNUIXbM4LbtBKF8G6
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Uses the VBS compiler for execution
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-