General

  • Target: e9ac12fc3fc1270c32b60515a6d7c98d_JaffaCakes118
  • Size: 267KB
  • Sample: 240918-wjhhxavclc
  • MD5: e9ac12fc3fc1270c32b60515a6d7c98d
  • SHA1: dd1b8db0d6fab4d3a943761a476b7df5ebd7af7f
  • SHA256: effc79c9b966b3a5bb54aada889ec8e4224f39481bd3548cee88e11c3d5a6178
  • SHA512: ee77bec19d7e2f66a4c173b44f78ae7eb3b00ddbc5053bc613ffa8b9730ce12969a3efa60f5004b9d706e384a19d4fd8c9ff7849be5998a82cc6f29a53073042
  • SSDEEP: 6144:Ao+j1NrPtqmhLOXg83y2WC3d1uf5vQiZKD1dxp/s4:ARllzhLOXr3vW2MfpJZKVpB

Malware Config

Extracted

  • Family: simda
  • Attributes: dga

Targets


    • Modifies WinLogon for persistence
    • simda
      Simda is an infostealer written in C++.
    • Adds Run key to start application
    • Creates a large amount of network flows
      This may indicate a network scan to discover remotely running services.
    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks