General
-
Target
JaffaCakes118_9d5bae919928da882b8329c7801456f4
-
Size
83KB
-
Sample
250407-b1kz5stwgy
-
MD5
9d5bae919928da882b8329c7801456f4
-
SHA1
d8395b2e9bcd684c3512f49093bb5cf5c00ae071
-
SHA256
83cb41214c581f9f116ad1db639825fe905c9f16bc7f1b7b38bd4a2bb016965b
-
SHA512
fe1d613d0e3443d60d89530e020d8d375c606b8af8a1c3953605fdad27feb2cb5cdca1750826ce1179a7aedcba9c1e116ee869ee1d26734e63a6604c26e96169
-
SSDEEP
1536:AS7D7hSgjpEQGFzNs6HsUswzaCN4ahCQ6g5a0yRxGiqXyvWQuvZozJ83qw7f1mlB:AS7D/psdMRZl2p6lcAso1GcItT0Tp6KX
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_9d5bae919928da882b8329c7801456f4.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JaffaCakes118_9d5bae919928da882b8329c7801456f4
-
Score
10/10
-
Andromeda family
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-