General
-
Target
JaffaCakes118_af90fab2ac474786581372a360b746dd
-
Size
36KB
-
Sample
250411-xqfhkaxns2
-
MD5
af90fab2ac474786581372a360b746dd
-
SHA1
f1c0c233f471433d0499f20fad9f9f385a4cb923
-
SHA256
2cf0a8e0b1a93dbf422485c1a85be6a7384a816972906b8ca61f9a43db415b62
-
SHA512
ce13e5c0cc9f865e7b15f0fa007fa1453d4bd6705ce9cd2be13f3420ea2cc2ec93f46d674d715864290c9cb20ee05dec1246464f9ec00f3cdba25a390c4b2252
-
SSDEEP
768:GHQkCis89kYOolNumYFwiPJPCTKoNfAP3MChRSSbrJQ:gK5m4wiPw2o6T1Q
Malware Config
Targets
-
-
Target
JaffaCakes118_af90fab2ac474786581372a360b746dd
-
Size
36KB
-
MD5
af90fab2ac474786581372a360b746dd
-
SHA1
f1c0c233f471433d0499f20fad9f9f385a4cb923
-
SHA256
2cf0a8e0b1a93dbf422485c1a85be6a7384a816972906b8ca61f9a43db415b62
-
SHA512
ce13e5c0cc9f865e7b15f0fa007fa1453d4bd6705ce9cd2be13f3420ea2cc2ec93f46d674d715864290c9cb20ee05dec1246464f9ec00f3cdba25a390c4b2252
-
SSDEEP
768:GHQkCis89kYOolNumYFwiPJPCTKoNfAP3MChRSSbrJQ:gK5m4wiPw2o6T1Q
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-