General

  • Target

    e9dda99b941e171145541a36c4c1bab0_JaffaCakes118

  • Size

    257KB

  • Sample

    240918-ylyc9azgqc

  • MD5

    e9dda99b941e171145541a36c4c1bab0

  • SHA1

    99001fb4cd3bb5045888f9808f9db65a412249db

  • SHA256

    83ff47dee88200932731289eda7c7e7457b95eccc46a69d6cda6bc462a1d4644

  • SHA512

    d50c47cae4d58d05cb7fab82bba6f662688bb633c1390ec29b4b6b7dbbff4b100890fb90911bf7f9f2699d49495bf13648884458eff4efa47da24f5458b5b65a

  • SSDEEP

    3072:3icFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:mXNNSo2EscAxmpDGIhtrTpUpH15WJS3

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu
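The DGA attribute above lists the 30 domains the sandbox extracted from this sample's configuration. A practitioner's first use for them is a DNS-log sweep, and because a DGA rotates, an exact-match lookup alone goes stale; the block below therefore also derives a structural heuristic from the listed domains (every one is an 11-letter label under .eu that strictly alternates consonant and vowel, counting y as a vowel). This is an added example, not code from the sandbox or from the Simda family itself; the heuristic is an assumption inferred from these 30 domains rather than documented Simda generator logic, and the DNS log lines and the unseen domain bazofulegik.eu are constructed for illustration.

```python
"""Match DNS query logs against the Simda DGA domains extracted from this sample.

Added example, not part of the sandbox report. The 30 domains are copied from
the report's 'dga' attribute; the DNS log lines are constructed here and are
not from the sample's own network capture.
"""
import re
from typing import Dict, List

# Domains exactly as extracted by the sandbox (from the report's DGA attribute).
SIMDA_DGA_DOMAINS = frozenset("""
cihunemyror.eu digivehusyd.eu vofozymufok.eu fodakyhijyv.eu nopegymozow.eu
gatedyhavyd.eu marytymenok.eu jewuqyjywyv.eu qeqinuqypoq.eu kemocujufys.eu
rynazuqihoj.eu lyvejujolec.eu tucyguqaciq.eu xuxusujenes.eu puzutuqeqij.eu
ciliqikytec.eu dikoniwudim.eu vojacikigep.eu fogeliwokih.eu nofyjikoxex.eu
gadufiwabim.eu masisokemep.eu jepororyrih.eu qetoqolusex.eu keraborigin.eu
ryqecolijet.eu lymylorozig.eu tunujolavez.eu xubifaremin.eu puvopalywet.eu
""".split())

# Structural heuristic inferred from the listed domains (an assumption about
# the generator's shape, not documented Simda DGA logic): an 11-letter label
# under .eu that strictly alternates consonant/vowel, with 'y' as a vowel.
# Heuristic-only hits are leads to confirm, not confirmed IOCs.
_CONS = "[bcdfghjklmnpqrstvwxz]"
_VOW = "[aeiouy]"
DGA_SHAPE = re.compile(rf"^(?:{_CONS}{_VOW}){{5}}{_CONS}\.eu$")


def classify_domain(name: str) -> str:
    """Return 'ioc' for an exact match, 'heuristic' for a shape match, else 'clean'."""
    d = name.strip().lower().rstrip(".")
    if d in SIMDA_DGA_DOMAINS:
        return "ioc"
    if DGA_SHAPE.match(d):
        return "heuristic"
    return "clean"


# Constructed DNS log lines in a simple '<timestamp> <client> <qname>' layout
# (not a real resolver's format). bazofulegik.eu is a made-up domain that fits
# the shape but is not in the extracted list.
SAMPLE_DNS_LOG = """\
2024-09-18T10:01:02Z 10.0.0.12 www.example.com
2024-09-18T10:01:03Z 10.0.0.12 vofozymufok.eu
2024-09-18T10:01:03Z 10.0.0.12 qetoqolusex.eu
2024-09-18T10:01:04Z 10.0.0.12 bazofulegik.eu
2024-09-18T10:01:05Z 10.0.0.12 update.microsoft.com
"""


def scan_dns_log(text: str) -> Dict[str, List[str]]:
    """Group queried names by verdict so an analyst can pivot on the client."""
    out: Dict[str, List[str]] = {"ioc": [], "heuristic": [], "clean": []}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        out[classify_domain(parts[2])].append(parts[2])
    return out


if __name__ == "__main__":
    for verdict, names in scan_dns_log(SAMPLE_DNS_LOG).items():
        print(f"{verdict}: {names}")
```

Exact matches are the only verdicts you can act on without further evidence; a heuristic hit from a host that also resolved one of the listed domains is worth a second look, while a lone heuristic hit from an otherwise quiet host is more likely to be a false positive from a legitimately pronounceable brand name.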

Targets

    • Target

      e9dda99b941e171145541a36c4c1bab0_JaffaCakes118

    • Size

      257KB

    • MD5

      e9dda99b941e171145541a36c4c1bab0

    • SHA1

      99001fb4cd3bb5045888f9808f9db65a412249db

    • SHA256

      83ff47dee88200932731289eda7c7e7457b95eccc46a69d6cda6bc462a1d4644

    • SHA512

      d50c47cae4d58d05cb7fab82bba6f662688bb633c1390ec29b4b6b7dbbff4b100890fb90911bf7f9f2699d49495bf13648884458eff4efa47da24f5458b5b65a

    • SSDEEP

      3072:3icFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:mXNNSo2EscAxmpDGIhtrTpUpH15WJS3

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. For this sample, which carries a DGA configuration (see Malware Config above), a high flow count is also consistent with the bot cycling through generated domains; check whether the flows are DNS lookups for the listed domains before treating them as a scan.

    • Modifies WinLogon
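The two persistence signatures above (Run key added, Winlogon modified) correspond to registry writes that an EDR or Sysmon registry-event feed will record. The block below is an added example of the detection logic a responder would run over such events, not code from the sandbox or from the sample. The report does not say which Winlogon value this sample changed, so the Shell/Userinit/Notify value names and their shipped defaults are assumptions drawn from how Winlogon persistence is conventionally abused, and the event lines (including the file name svc.exe) are constructed in a simple pipe-delimited layout for illustration.

```python
"""Flag registry writes matching the persistence signatures in this report.

Added example, not code from the sandbox or the Simda sample. Map your own
EDR/Sysmon registry events onto the (key, value, data) fields used here.
"""
from typing import Dict, List

# Locations behind the two signatures. The Winlogon value names are the ones
# conventionally abused for logon-time persistence (an assumption; the report
# only states that Winlogon was modified, not which value).
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
WINLOGON_KEY_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_VALUES = {"shell", "userinit", "notify"}

# Values Windows ships with; rewriting a value to its default is benign noise.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def classify_event(key: str, value: str, data: str) -> str:
    """Classify one registry write by the key path and value name it touches."""
    k = key.lower().rstrip("\\")
    v = value.lower()
    d = data.lower().strip()
    if k.endswith(RUN_KEY_SUFFIX):
        # Any new value under Run starts an application at logon.
        return "run-key persistence"
    if k.endswith(WINLOGON_KEY_SUFFIX) and v in WINLOGON_VALUES:
        if WINLOGON_DEFAULTS.get(v) == d:
            return "winlogon default (benign)"
        return "winlogon modification"
    return "other"


ALERT_VERDICTS = {"run-key persistence", "winlogon modification"}

# Constructed events: key|value|data. The Userinit rewrite appends an extra
# executable after the default; the Run entry points at the same hypothetical
# file. Neither path is from the sample's own behaviour.
SAMPLE_EVENTS = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell|explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit|C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\Public\svc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|ShellState|00 01
"""


def scan_events(text: str) -> List[Dict[str, str]]:
    """Return only the events that warrant an alert, with their verdicts."""
    hits: List[Dict[str, str]] = []
    for line in text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed records
        key, value, data = parts
        verdict = classify_event(key, value, data)
        if verdict in ALERT_VERDICTS:
            hits.append({"key": key, "value": value, "data": data, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"{hit['verdict']}: {hit['key']}\\{hit['value']} = {hit['data']}")
```

Comparing Winlogon data against the shipped default is what keeps the rule quiet during normal installs and updates; a Userinit value that still starts with the default path but carries a second, appended executable is the pattern to escalate, since Winlogon will launch both.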

MITRE ATT&CK Enterprise v15
