General
-
Target
JaffaCakes118_6a72a8b6cfed8d966daeac9be7eb5f6a
-
Size
43KB
-
Sample
250312-mb3pfaxtfx
-
MD5
6a72a8b6cfed8d966daeac9be7eb5f6a
-
SHA1
a9c7142f61f722168437618b894cedeeb56b5833
-
SHA256
e621d8b39446f710c9a7b2d57f936eba38c9490eca1c4c700972dddeeeef3162
-
SHA512
e73dadb265157844506fbf04b827dbbe3ea517d1c03b01b60d38a0fa08219f90e8012b87773b14cab369d70a195d7c15d3f91b96521a45a9c683ffb9e58b5a14
-
SSDEEP
768:UmpM8yRXjkWM8CuAWwNWzXN2zxQ+/T7LK3qU2UYCwanFNIOxTAnD:UaIij0XwK9y/zK6A9nFmOxTA
Malware Config
Targets
-
-
Target
JaffaCakes118_6a72a8b6cfed8d966daeac9be7eb5f6a
-
Size
43KB
-
MD5
6a72a8b6cfed8d966daeac9be7eb5f6a
-
SHA1
a9c7142f61f722168437618b894cedeeb56b5833
-
SHA256
e621d8b39446f710c9a7b2d57f936eba38c9490eca1c4c700972dddeeeef3162
-
SHA512
e73dadb265157844506fbf04b827dbbe3ea517d1c03b01b60d38a0fa08219f90e8012b87773b14cab369d70a195d7c15d3f91b96521a45a9c683ffb9e58b5a14
-
SSDEEP
768:UmpM8yRXjkWM8CuAWwNWzXN2zxQ+/T7LK3qU2UYCwanFNIOxTAnD:UaIij0XwK9y/zK6A9nFmOxTA
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-