General

  • Target

    e989dc7259c4dc855a41c0370dc6e9e3_JaffaCakes118

  • Size

    252KB

  • Sample

    240918-t43nga1dra

  • MD5

    e989dc7259c4dc855a41c0370dc6e9e3

  • SHA1

    4eacdfbf212caa573799403bd9dafcc6fc4fc0cb

  • SHA256

    a10f1fe50e775b9223c3816f760577b91319ce8042f1d9d1b3739894891534fb

  • SHA512

    d408c0a082f2ea966b4b6956a9afe3593bcafc5ef3152f15f7988ac06a69a65e32b0d5bd6244f9ad45424ece2160275f6826c2b8e5dba176d9074e3b0bec3329

  • SSDEEP

    6144:PVzVSleqEKiX2Lh7n0CqPgGATLZBBkhUt43essBAUz5WD:PV5SleqkkGCGA/deII

Malware Config

Extracted

Family

simda

Attributes
  • dga


Targets

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks