General
-
Target
JaffaCakes118_6029568aa302b654e3f65664181e5a4f
-
Size
92KB
-
Sample
250310-tvqbsa1kz9
-
MD5
6029568aa302b654e3f65664181e5a4f
-
SHA1
5f4c95eb1b8ad1f34098e20533af87b26310c1b2
-
SHA256
a42daa4e8b4ed31be956f6107fee5cb4c25d88acf08f47e54e907e7b3ed44ac7
-
SHA512
dda034df269a1657338ccb95b5486bd45ec2cdd647ecc5357789203ea52abe8d0c6ec3e7b09c9d963897d05630d72995351a6568a69cbb7e96ca21807b35804b
-
SSDEEP
1536:FlY0b21rUYVknXfUlkStpUpbVwzgVxkNenDC:k0bykGkStpUJVwMLkNem
Malware Config
Targets
-
-
Target
JaffaCakes118_6029568aa302b654e3f65664181e5a4f
-
Size
92KB
-
MD5
6029568aa302b654e3f65664181e5a4f
-
SHA1
5f4c95eb1b8ad1f34098e20533af87b26310c1b2
-
SHA256
a42daa4e8b4ed31be956f6107fee5cb4c25d88acf08f47e54e907e7b3ed44ac7
-
SHA512
dda034df269a1657338ccb95b5486bd45ec2cdd647ecc5357789203ea52abe8d0c6ec3e7b09c9d963897d05630d72995351a6568a69cbb7e96ca21807b35804b
-
SSDEEP
1536:FlY0b21rUYVknXfUlkStpUpbVwzgVxkNenDC:k0bykGkStpUJVwMLkNem
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-