General
Target: JaffaCakes118_a9975aaf626ce6d1d5caf18bcddd6638
Size: 162KB
Sample: 250410-mcdfyaymt4
MD5: a9975aaf626ce6d1d5caf18bcddd6638
SHA1: 2f231b49a3244178581179d3b46e89a354840e6a
SHA256: 3983463abd9919593716063851e76edf048f198320c27d12cf18bec4b5489494
SHA512: b8a546dd6492b0a37f96cf29c552852819692c3d9e87ac36c85c53b65c8a36a56e25c3e91bda3046585a710c8875ea4906455d1c3cd93c89f715bfe1d4c35ce5
SSDEEP: 3072:WnJRlMMGYJ+ipesjoccP9r5l2z3ScxI10HZKYHOQBYWiuhdPn9o:WJhjqPpOWcxI10Hiuhd/m
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_a9975aaf626ce6d1d5caf18bcddd6638.exe
Resource: win10v2004-20250313-en
Malware Config
Targets
Target: JaffaCakes118_a9975aaf626ce6d1d5caf18bcddd6638
Score: 10/10
Signatures:
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext