General
-
Target
JaffaCakes118_69c008baead7fa0cb4bcfc8eaf794614
-
Size
120KB
-
Sample
250312-jccymasls2
-
MD5
69c008baead7fa0cb4bcfc8eaf794614
-
SHA1
2efb6eb58b20a7eb0d7f58b8c6ae5f63c45f8da1
-
SHA256
31189564128441c9167a0d94168f1f16545131e8486fbdeaec95397b42690274
-
SHA512
91747fc932f419be9c414c749346aa0cf3a5168d050ccaa1a4475546eca31d3eb0ab70efa727599105ef85f698a880a00571bf7fcd196b563f25b870d1e594ed
-
SSDEEP
3072:EU1m/ow8RfFLPb/078/lfVtV1cZgE9jgCy67F7R:LmwXJbs7u1cZBG767Fd
Malware Config
Targets
-
-
Target
JaffaCakes118_69c008baead7fa0cb4bcfc8eaf794614
-
Size
120KB
-
MD5
69c008baead7fa0cb4bcfc8eaf794614
-
SHA1
2efb6eb58b20a7eb0d7f58b8c6ae5f63c45f8da1
-
SHA256
31189564128441c9167a0d94168f1f16545131e8486fbdeaec95397b42690274
-
SHA512
91747fc932f419be9c414c749346aa0cf3a5168d050ccaa1a4475546eca31d3eb0ab70efa727599105ef85f698a880a00571bf7fcd196b563f25b870d1e594ed
-
SSDEEP
3072:EU1m/ow8RfFLPb/078/lfVtV1cZgE9jgCy67F7R:LmwXJbs7u1cZBG767Fd
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-