General
Target: JaffaCakes118_7fc7d6e04c6c637a643e94d370aa1da8
Size: 91KB
Sample: 250319-zhwkxssvay
MD5: 7fc7d6e04c6c637a643e94d370aa1da8
SHA1: 758c5e9e152c73c8ae284644536b459092c175c0
SHA256: b7c0628c16246d847889cf48e0ab5f0adbc8e45606b1da47b2ca5f042f18139d
SHA512: bae2008103b03efd9b7686a1e1626f7c7f43a8294d602d741205aee69b45eb91d3e2221b859513de32aaa3de9b5dcee17c6f16ea258733660a10335717affb6b
SSDEEP: 768:5ST+kCis89kYOolNumYFwiPJPCTKoNfOMJhUz1Iz0ghUz1Iz028hUz1Iz0thUz1O:2K5m4wiPw2oF
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_7fc7d6e04c6c637a643e94d370aa1da8.exe
Resource: win7-20250207-en
Behavioral task: behavioral2
Sample: JaffaCakes118_7fc7d6e04c6c637a643e94d370aa1da8.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Score: 10/10
Andromeda family
Detects Andromeda payload.
Adds policy Run key to start application
Deletes itself
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.