General

  • Target

    ea65ee6630edb98ab191af5671595655_JaffaCakes118

  • Size

    262KB

  • Sample

    240919-cmh43awanj

  • MD5

    ea65ee6630edb98ab191af5671595655

  • SHA1

    cb34f6124887907902fc6cb93a7961aeb32a7938

  • SHA256

    7aaa0c7ca452495a30f0cccd0ac92b38eea9a6a92483c9a2c6a4ab605abdcef3

  • SHA512

    58670d47991b0db72eedb634c6d581a481886fa96afe05fde71a3ac143ea47ada3bb9a5793a27c59a0dfbb542164a1ea5ba7dee38d2f71f0d1e99ba015a22c0c

  • SSDEEP

    3072:58nW6fb/CH1pGLP7c7pJ1GE7am88d5Bt9pTlNg8pPD4Cqykp/v35aYV1kOOkSCWc:uWQ6HWLs+Eum1RNrkCqddcGRW4P

Malware Config

Extracted

Family

simda

Attributes

  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Targets

    • Target

      ea65ee6630edb98ab191af5671595655_JaffaCakes118

    • Size

      262KB

    • MD5

      ea65ee6630edb98ab191af5671595655

    • SHA1

      cb34f6124887907902fc6cb93a7961aeb32a7938

    • SHA256

      7aaa0c7ca452495a30f0cccd0ac92b38eea9a6a92483c9a2c6a4ab605abdcef3

    • SHA512

      58670d47991b0db72eedb634c6d581a481886fa96afe05fde71a3ac143ea47ada3bb9a5793a27c59a0dfbb542164a1ea5ba7dee38d2f71f0d1e99ba015a22c0c

    • SSDEEP

      3072:58nW6fb/CH1pGLP7c7pJ1GE7am88d5Bt9pTlNg8pPD4Cqykp/v35aYV1kOOkSCWc:uWQ6HWLs+Eum1RNrkCqddcGRW4P

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks