General

  • Target

    e9e8bab6eb6ee47423e6ff6a8f7e8b9d_JaffaCakes118

  • Size

    254KB

  • Sample

    240918-y5xk3asckp

  • MD5

    e9e8bab6eb6ee47423e6ff6a8f7e8b9d

  • SHA1

    04a8545bd14d52d22f014fb74ac19c0f4eb31531

  • SHA256

    0a0d4a2fa305593483e22240a3af815096736a315d64263365dcc8c88d6e652b

  • SHA512

    6cb0fb143e7eda611b4d4c7c1d5d158e090a898f0a9e563304895c1f9f39893fa50a7c7ac27790b99f5dd92f36fe04ce36f0646e27fa98e248db7a791c1a1727

  • SSDEEP

    6144:HSR9/D9g5V4wY16+GIWrW3FLp03OCsjWN71IVbVfz6:CGUwD1ICW3F94OvO+Vbpz6

Malware Config

Extracted

Family

simda

Attributes

  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Targets

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15