General
Target: JaffaCakes118_5f485e2086e8fe745d30c6110b08609b
Size: 55KB
Sample: 250310-p998aawjt9
MD5: 5f485e2086e8fe745d30c6110b08609b
SHA1: d62d98b04dfed6b141f56f5e88829acddc6515b2
SHA256: 5ff2f3ebb11a965f2dc529bc082a01ca6a835d855eca1406a9fbd39df365f5e6
SHA512: d3ab8d68c4350ee8f1c8f7ea6b86ad84e883f91407e8a7f645120c2deff79bcf66f96edb76ff2c031d085ceeb373cb0827386b53ae231a61ab988adc8b1098cf
SSDEEP: 768:bwoV3FrPxkhKQiUrityh7eHAGnI/EDmAne/m7DR0mnNMzTs60ODQSd+g35uc6E:hPxBn0aDDZ/ITs/Oka+UuhE
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_5f485e2086e8fe745d30c6110b08609b.exe
  Resource: win7-20250207-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_5f485e2086e8fe745d30c6110b08609b.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
Score: 10/10
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext