General
Target: JaffaCakes118_adb3f9381eae6df08accce19e1aab3c3
Size: 60KB
Sample: 250411-kyak3at1gy
MD5: adb3f9381eae6df08accce19e1aab3c3
SHA1: 070fbb69875d443cf1f6cab64bacaa298f3498f7
SHA256: f832e50177a1c5aeeb4fb525b2d7ac5670bc9c50b18892784fb3114440cb42e4
SHA512: 106c7779c6027b1688b606298d1a43fa4460a155091336a301cfa7025496ef41d5ef29848d4485ee587e206e4cede54ab235fddf15c10de3e0b8cd3b69ea5f25
SSDEEP: 768:XWjQfXPv9dRdhjEw9wFu9ED3AnrD0NpQUjmQ48sxbcthlgBA6ncscKBGD7LBC5:XWjQfn9Dx26sYQ4/ZcxL6pD4D7LU5
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_adb3f9381eae6df08accce19e1aab3c3.exe
Resource: win10v2004-20250410-en
Malware Config
Targets
Target: JaffaCakes118_adb3f9381eae6df08accce19e1aab3c3
Score: 10/10
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.