General
-
Target
JaffaCakes118_9bedd93cdaf15fe80e8b2f692fee6037
-
Size
111KB
-
Sample
250406-t671zawly6
-
MD5
9bedd93cdaf15fe80e8b2f692fee6037
-
SHA1
79415e8823ee506898fb7905e28edf4752590f04
-
SHA256
15f9613984c3c2a17543f53716183fc14c1e57bf5c051ef433a193c70e35ebf4
-
SHA512
fc9b6374eb6d97db0df6e731428b1a07eb97d32b74aa2ef92ff65ce674e0bc3d33a2bf7b8ff93158a01520c51121ebb8d2e25d1c421816331b15f52cf35eccd7
-
SSDEEP
3072:JpowCV2CzdK4eEAaV+Lc15PVVPIg6zgPaU85r1so/JXbEs8Y99X:JSR1ebaV+LclVP5p
Malware Config
Targets
-
-
Target
JaffaCakes118_9bedd93cdaf15fe80e8b2f692fee6037
-
Size
111KB
-
MD5
9bedd93cdaf15fe80e8b2f692fee6037
-
SHA1
79415e8823ee506898fb7905e28edf4752590f04
-
SHA256
15f9613984c3c2a17543f53716183fc14c1e57bf5c051ef433a193c70e35ebf4
-
SHA512
fc9b6374eb6d97db0df6e731428b1a07eb97d32b74aa2ef92ff65ce674e0bc3d33a2bf7b8ff93158a01520c51121ebb8d2e25d1c421816331b15f52cf35eccd7
-
SSDEEP
3072:JpowCV2CzdK4eEAaV+Lc15PVVPIg6zgPaU85r1so/JXbEs8Y99X:JSR1ebaV+LclVP5p
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-