General

  • Target

    e9d9f66e2186b2dfb988dbcd137f7edb_JaffaCakes118

  • Size

    264KB

  • Sample

    240918-yfptxszdrd

  • MD5

    e9d9f66e2186b2dfb988dbcd137f7edb

  • SHA1

    d48069adafbe6076842552526d8f158a4b1d7735

  • SHA256

    40f9d226657011c4c3f4c0b3668eeea0a63a022f04e134cc175664dea98b44ad

  • SHA512

    ee39680c20744e2a7b39e3efc816e95a1d4da7371639123681de07544be1e2b67fb8500febc7b4fb193db01102262c193c11ff54e63f9bc21d116e3d962e6b00

  • SSDEEP

    6144:OrlVrh6fSkFmTGpUpulbFrHuDpGQkwO8T62asOLNhIbwHojoDtbatbeWK:4oZ8qpUwufw8T6XLNhcwHWntbbK

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu
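
The thirty DGA domains above are the actionable indicators in this report. The script below is an added example, not anything extracted from the sample or produced by the sandbox: it sweeps DNS query logs for the listed names and, as a second, lower-confidence check, for names of the same shape. That shape (eleven lowercase letters alternating consonant and vowel, with y counted as a vowel, under .eu) is an observation made by inspecting this list only; it is not a reimplementation of Simda's generation algorithm and it will match benign names that happen to look the same. The log format and the log lines are constructed for the example.

```python
import re
from collections import Counter
from typing import Optional

# DGA domains from this report's extracted Simda config.
SIMDA_DGA_DOMAINS = frozenset("""
cihunemyror.eu digivehusyd.eu vofozymufok.eu fodakyhijyv.eu nopegymozow.eu
gatedyhavyd.eu marytymenok.eu jewuqyjywyv.eu qeqinuqypoq.eu kemocujufys.eu
rynazuqihoj.eu lyvejujolec.eu tucyguqaciq.eu xuxusujenes.eu puzutuqeqij.eu
ciliqikytec.eu dikoniwudim.eu vojacikigep.eu fogeliwokih.eu nofyjikoxex.eu
gadufiwabim.eu masisokemep.eu jepororyrih.eu qetoqolusex.eu keraborigin.eu
ryqecolijet.eu lymylorozig.eu tunujolavez.eu xubifaremin.eu puvopalywet.eu
""".split())

# Heuristic derived from inspecting the 30 domains above: 11 lowercase letters
# alternating consonant/vowel (y counted as a vowel) under .eu. This is an
# observation about the listed names, not Simda's generation algorithm, and it
# will also match benign names of the same shape (assumption: low confidence).
CONSONANTS = "bcdfghjklmnpqrstvwxz"
VOWELS = "aeiouy"
DGA_SHAPE = re.compile(rf"^[{CONSONANTS}](?:[{VOWELS}][{CONSONANTS}]){{5}}\.eu$")

# Constructed, dnsmasq-like log format for the example; not a format the report describes.
DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<resolver>\S+)\s+query\[(?P<qtype>[A-Z]+)\]\s+(?P<qname>\S+)\s+from\s+(?P<src>\S+)$"
)


def classify_domain(qname: str) -> Optional[str]:
    """Return 'ioc' for a listed domain, 'dga-shape' for a look-alike, else None."""
    d = qname.lower().rstrip(".")  # normalise case and a trailing root dot
    if d in SIMDA_DGA_DOMAINS:
        return "ioc"
    if DGA_SHAPE.match(d):
        return "dga-shape"
    return None


def scan_dns_log(lines):
    """Return (source_ip, qname, verdict) for every query worth a look."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than abort the sweep
        verdict = classify_domain(m["qname"])
        if verdict:
            hits.append((m["src"], m["qname"].lower().rstrip("."), verdict))
    return hits


def suspicious_sources(hits, min_ioc_hits: int = 2):
    """Sources that resolved at least min_ioc_hits listed domains, i.e. the DGA
    resolution burst a 'large amount of network flows' signature may reflect."""
    counts = Counter(src for src, _, verdict in hits if verdict == "ioc")
    return {src: n for src, n in counts.items() if n >= min_ioc_hits}


# Constructed sample log lines for the example.
SAMPLE_LOG = [
    "2024-09-18T10:01:02Z ws01 query[A] www.example.com from 10.0.0.5",
    "2024-09-18T10:01:03Z ws01 query[A] cihunemyror.eu from 10.0.0.5",
    "2024-09-18T10:01:03Z ws01 query[A] digivehusyd.eu from 10.0.0.5",
    "2024-09-18T10:01:03Z ws01 query[AAAA] VOFOZYMUFOK.EU. from 10.0.0.5",
    "2024-09-18T10:01:04Z ws01 query[A] bacadafagah.eu from 10.0.0.9",
    "2024-09-18T10:01:05Z ws01 query[A] updates.vendor.example from 10.0.0.7",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    hits = scan_dns_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(suspicious_sources(hits))
```

Exact matches against the configured list are the only high-confidence verdict; treat `dga-shape` as a lead to pivot on (same source, same time window) rather than as an alert on its own.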

Targets

    • Target

      e9d9f66e2186b2dfb988dbcd137f7edb_JaffaCakes118

    • Size

      264KB

    • MD5

      e9d9f66e2186b2dfb988dbcd137f7edb

    • SHA1

      d48069adafbe6076842552526d8f158a4b1d7735

    • SHA256

      40f9d226657011c4c3f4c0b3668eeea0a63a022f04e134cc175664dea98b44ad

    • SHA512

      ee39680c20744e2a7b39e3efc816e95a1d4da7371639123681de07544be1e2b67fb8500febc7b4fb193db01102262c193c11ff54e63f9bc21d116e3d962e6b00

    • SSDEEP

      6144:OrlVrh6fSkFmTGpUpulbFrHuDpGQkwO8T62asOLNhIbwHojoDtbatbeWK:4oZ8qpUwufw8T6XLNhcwHWntbbK

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. For this sample, which carries a DGA configuration, a burst of DNS lookups for the generated domains listed under Malware Config is an equally plausible cause; check the names being resolved before treating the flows as scanning.

    • Modifies WinLogon
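
The two persistence signatures above point at well-known registry locations. The script below is an added example, not sandbox output or anything recovered from the sample: it classifies registry value writes (as a Sysmon event ID 13 feed would deliver them) into Winlogon tampering and Run-key autostarts. The report does not say which Winlogon value this sample changes, so the value names and stock defaults used here (Shell and Userinit) are an assumption of the example; the events, process paths and file names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Registry locations behind the "Modifies WinLogon" and "Adds Run key" signatures.
# Assumption: the Winlogon values checked are Shell and Userinit with their stock
# defaults; the report does not state which value the sample writes.
WINLOGON_KEY = r"\microsoft\windows nt\currentversion\winlogon"
WINLOGON_EXPECTED = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)


@dataclass(frozen=True)
class RegWrite:
    """One registry value write (constructed here; shaped like Sysmon event ID 13)."""
    process: str
    key: str
    value: str
    data: str


def classify_reg_write(ev: RegWrite) -> Optional[str]:
    """Return a verdict for a write that establishes logon persistence, else None."""
    key = ev.key.lower()
    value = ev.value.lower()
    if WINLOGON_KEY in key and value in WINLOGON_EXPECTED:
        # A Winlogon value rewritten to its stock default is noise (installers do
        # this); only a value that now differs from the default is a tell.
        if ev.data.lower().strip() != WINLOGON_EXPECTED[value]:
            return "winlogon-persistence"
        return None
    if any(key.endswith(suffix) for suffix in RUN_KEY_SUFFIXES):
        return "run-key-persistence"
    return None


def scan_reg_writes(events):
    """Return (process, key\\value, data, verdict) for each flagged write, in order."""
    findings = []
    for ev in events:
        verdict = classify_reg_write(ev)
        if verdict:
            findings.append((ev.process, ev.key + "\\" + ev.value, ev.data, verdict))
    return findings


# Constructed sample events; paths and names are invented for the example.
SAMPLE_EVENTS = [
    RegWrite(r"C:\Users\alice\AppData\Roaming\svchost32.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Userinit",
             r"C:\Windows\system32\userinit.exe,C:\Users\alice\AppData\Roaming\svchost32.exe"),
    RegWrite(r"C:\Users\alice\AppData\Roaming\svchost32.exe",
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "svchost32",
             r"C:\Users\alice\AppData\Roaming\svchost32.exe"),
    RegWrite(r"C:\Windows\system32\msiexec.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
             "Userinit",
             r"C:\Windows\system32\userinit.exe,"),
    RegWrite(r"C:\Windows\explorer.exe",
             r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden",
             "1"),
]

if __name__ == "__main__":
    for finding in scan_reg_writes(SAMPLE_EVENTS):
        print(finding)
```

Comparing Winlogon values against their defaults rather than alerting on any write keeps installer and servicing noise out; a Run-key write is reported unconditionally because the process path and data are what an analyst needs to triage it.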

MITRE ATT&CK Enterprise v15

Tasks