General

  • Target

    ea8a40dca1b38c2bb6f54d24e99ed974_JaffaCakes118

  • Size

    252KB

  • Sample

    240919-eg9qyazdjc

  • MD5

    ea8a40dca1b38c2bb6f54d24e99ed974

  • SHA1

    ba160e9fde420f8684fd3d4a2969291306bda1a5

  • SHA256

    dc2596ceaa08f7f1ba27798a6e47886ab55635049e3f55bd6f3cc33d0a0fe08b

  • SHA512

    82d553ec248bafc00db34a545577f180b0ece93bd14dd0a44c9ee4225dcf2afca89b42710434e0ff93e4ace858d4ec463a387f2bb0cf32d3733ba38bd58448ed

  • SSDEEP

    6144:8VzVSleqEKiX2Lh7n0CqPgGATLZBBkhUt43essBAUz5WD:8V5SleqkkGCGA/deII

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu
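The thirty domains above are the sample's extracted DGA output, which makes them directly usable as DNS indicators. The following added example (not part of the sandbox report) matches a DNS query log against that list and, as an extra, flags lookalikes via a heuristic derived by inspecting the listed domains: every one is an eleven-letter label under .eu that alternates consonant and vowel (with y counted as a vowel). The heuristic and the sample log lines are assumptions constructed for the example, not data from the report.

```python
"""Added example: match DNS queries against the Simda DGA domains extracted
in the report above, plus a shape heuristic for unlisted generated domains."""

# The thirty domains from the extracted config (the report's own IOCs).
SIMDA_DGA_DOMAINS = {
    "cihunemyror.eu", "digivehusyd.eu", "vofozymufok.eu", "fodakyhijyv.eu",
    "nopegymozow.eu", "gatedyhavyd.eu", "marytymenok.eu", "jewuqyjywyv.eu",
    "qeqinuqypoq.eu", "kemocujufys.eu", "rynazuqihoj.eu", "lyvejujolec.eu",
    "tucyguqaciq.eu", "xuxusujenes.eu", "puzutuqeqij.eu", "ciliqikytec.eu",
    "dikoniwudim.eu", "vojacikigep.eu", "fogeliwokih.eu", "nofyjikoxex.eu",
    "gadufiwabim.eu", "masisokemep.eu", "jepororyrih.eu", "qetoqolusex.eu",
    "keraborigin.eu", "ryqecolijet.eu", "lymylorozig.eu", "tunujolavez.eu",
    "xubifaremin.eu", "puvopalywet.eu",
}

# Assumption derived by inspection of the list above, not stated in the report:
# 11 alphabetic characters, consonant at even positions, vowel (incl. y) at odd
# positions, under .eu. Catches same-generator domains the config did not list.
VOWELS = set("aeiouy")


def looks_like_simda_dga(domain: str) -> bool:
    """Return True when the domain has the shape of the listed DGA output."""
    domain = domain.lower().rstrip(".")
    if not domain.endswith(".eu"):
        return False
    label = domain[:-len(".eu")]
    if len(label) != 11 or not label.isalpha():
        return False
    # even index -> consonant, odd index -> vowel
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(label))


def classify(qname: str):
    """'ioc' for an exact config match, 'heuristic' for a shape match, else None."""
    q = qname.lower().rstrip(".")
    if q in SIMDA_DGA_DOMAINS:
        return "ioc"
    if looks_like_simda_dga(q):
        return "heuristic"
    return None


def scan_dns_log(lines):
    """Scan 'timestamp client qname' lines; return (client, qname, verdict) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = parts[:3]
        verdict = classify(qname)
        if verdict:
            hits.append((client, qname, verdict))
    return hits


def noisy_clients(hits, threshold=2):
    """Clients with at least `threshold` DGA hits: a bot cycling its domain
    list resolves many generated names in a short window."""
    counts = {}
    for client, _qname, _verdict in hits:
        counts[client] = counts.get(client, 0) + 1
    return sorted(c for c, n in counts.items() if n >= threshold)


# Constructed sample log (not captured from the sandbox run). The third query
# has the DGA shape but is absent from the extracted list.
SAMPLE_DNS_LOG = [
    "2024-09-19T04:00:01Z 10.0.0.5 cihunemyror.eu",
    "2024-09-19T04:00:01Z 10.0.0.5 nopegymozow.eu",
    "2024-09-19T04:00:02Z 10.0.0.5 bafokexasyl.eu",
    "2024-09-19T04:00:02Z 10.0.0.7 www.example.eu",
    "2024-09-19T04:00:03Z 10.0.0.7 login.microsoft.com",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(hit)
    print("noisy:", noisy_clients(scan_dns_log(SAMPLE_DNS_LOG)))
```

Treat the exact-match verdict as high confidence and the heuristic verdict as a lead to be confirmed: an eleven-letter alternating label is unusual for a legitimate .eu domain but not impossible, so the heuristic belongs in a hunting query, not a blocking rule.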

Targets

    • Target

      ea8a40dca1b38c2bb6f54d24e99ed974_JaffaCakes118

    • Size

      252KB

    • MD5

      ea8a40dca1b38c2bb6f54d24e99ed974

    • SHA1

      ba160e9fde420f8684fd3d4a2969291306bda1a5

    • SHA256

      dc2596ceaa08f7f1ba27798a6e47886ab55635049e3f55bd6f3cc33d0a0fe08b

    • SHA512

      82d553ec248bafc00db34a545577f180b0ece93bd14dd0a44c9ee4225dcf2afca89b42710434e0ff93e4ace858d4ec463a387f2bb0cf32d3733ba38bd58448ed

    • SSDEEP

      6144:8VzVSleqEKiX2Lh7n0CqPgGATLZBBkhUt43essBAUz5WD:8V5SleqkkGCGA/deII

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. For this sample, which carries a DGA configuration, the flow volume is at least as consistent with the bot cycling through its generated C2 domains; check whether the flows are DNS lookups for the domains listed above before treating them as a scan.

    • Modifies WinLogon
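The two Winlogon signatures and the Run-key signature are the persistence mechanisms to verify on a suspected host. The following added example (not part of the sandbox report) triages a registry export for them offline: it parses a .reg text dump, compares the Winlogon Shell and Userinit values against their Windows defaults (explorer.exe and C:\Windows\system32\userinit.exe, respectively), and lists every Run value for review. The export text and the dropped-file path in it are constructed for the example; the report does not name the file the sample writes.

```python
"""Added example: triage a registry export (.reg text) for the Winlogon and
Run-key persistence the report's signatures describe."""
import re

# .reg export format: "[key path]" lines followed by "name"="value" lines,
# with backslashes doubled inside values.
REG_KEY = re.compile(r'^\[(.+)\]$')
REG_VAL = re.compile(r'^"([^"]+)"="(.*)"$')

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock Windows values; anything else in these fields runs at logon.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_reg_export(text: str):
    """Return {key_path: {value_name: value_string}} for string values only."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = REG_VAL.match(line)
        if m and current is not None:
            # un-escape the doubled backslashes of the .reg format
            keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def find_persistence(keys):
    """Return (category, detail) findings for non-default Winlogon values and
    every Run value. Run entries are listed for review, not judged."""
    findings = []
    winlogon = keys.get(WINLOGON, {})

    shell = winlogon.get("Shell", DEFAULT_SHELL)
    if shell.strip().lower() != DEFAULT_SHELL:
        findings.append(("winlogon_shell", shell.strip()))

    # Userinit is a comma-separated list; the default ends with a trailing comma.
    userinit = winlogon.get("Userinit", DEFAULT_USERINIT + ",")
    for entry in userinit.split(","):
        entry = entry.strip()
        if entry and entry.lower() != DEFAULT_USERINIT:
            findings.append(("winlogon_userinit", entry))

    for run_key in RUN_KEYS:
        for name, command in keys.get(run_key, {}).items():
            findings.append(("run_key", f"{name} -> {command}"))
    return findings


# Constructed export (not taken from the sandbox run): Shell is untouched,
# Userinit has an appended program, and HKCU Run has an added value.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\dropped.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\dropped.exe"
"""

if __name__ == "__main__":
    for category, detail in find_persistence(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{category}: {detail}")
```

The Userinit comparison is deliberately per-entry rather than whole-string: the sample's technique is to append to the list, so the default path is still present and a naive equality check against the full default value would miss the appended program only if it also ignored the extra entry.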

MITRE ATT&CK Enterprise v15

Tasks