General

  • Target

    ea536aa7596f194a760cf828a95e0f51_JaffaCakes118

  • Size

    277KB

  • Sample

    240919-bpptystbrb

  • MD5

    ea536aa7596f194a760cf828a95e0f51

  • SHA1

    e8049c9e637746dfa64b03f890029c5fcace1fac

  • SHA256

    d43d908c24070db240a43257a0c7cab50b337d2173e3c95794384edc511d8af3

  • SHA512

    6b1e8fa546d2282d334d67d2b058faf466a7f0c6480cf5780e161a3c2d98cb05a4082a8f06924971dead871024e458d7069ea1f2cfc973cd40733ef2cfbd9818

  • SSDEEP

    6144:EV1VjlMindSC/xSAZ21ICSFjmf9fWDCxS2K0naW+tIqlnlkka:E1jlMiSGxBUVSFmf9fx2G4eu6r

Malware Config

Extracted

Family

simda

Attributes
  • dga

Targets

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15