General
-
Target
JaffaCakes118_72b581dd27b6015a1b95bc648530ac32
-
Size
90KB
-
Sample
250314-bmydbaxyay
-
MD5
72b581dd27b6015a1b95bc648530ac32
-
SHA1
9a177bd7f70c35e96cc38623ede601c612555ab6
-
SHA256
e316c5481e6bcfa535ab3689b8877a6293066377ea153979c7fcb8c83b27f074
-
SHA512
bdfeea29a3be1528c0c48d80b267be02beb9635fcb68b4ef9ca4592049ff7a669d6a5d8e7dae053e027bfc95e985f9e5d3adbd1274252999e6a772202b3c29b4
-
SSDEEP
1536:k6ywaTDQErOy2gLNLkLo1QTEiV0QTqmu+Fyl0e7ckabvnLEVbHHvR061udxjzitQ:kPTKy2gLWc4tT9hwcdbvn0L21jOQ
Malware Config
Targets
-
-
Target
JaffaCakes118_72b581dd27b6015a1b95bc648530ac32
-
Size
90KB
-
MD5
72b581dd27b6015a1b95bc648530ac32
-
SHA1
9a177bd7f70c35e96cc38623ede601c612555ab6
-
SHA256
e316c5481e6bcfa535ab3689b8877a6293066377ea153979c7fcb8c83b27f074
-
SHA512
bdfeea29a3be1528c0c48d80b267be02beb9635fcb68b4ef9ca4592049ff7a669d6a5d8e7dae053e027bfc95e985f9e5d3adbd1274252999e6a772202b3c29b4
-
SSDEEP
1536:k6ywaTDQErOy2gLNLkLo1QTEiV0QTqmu+Fyl0e7ckabvnLEVbHHvR061udxjzitQ:kPTKy2gLWc4tT9hwcdbvn0L21jOQ
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-