General

  • Target

    eaef21b8072d89921cb574c2986e196b_JaffaCakes118

  • Size

    282KB

  • Sample

    240919-j9pcxsygma

  • MD5

    eaef21b8072d89921cb574c2986e196b

  • SHA1

    48e7e27b08d41d05031b8b496687a489309be182

  • SHA256

    fb68b42404951917f1b48c07aeab9312c30256e6a31e2a1db41ad57ea374301a

  • SHA512

    e34fae65392a0c267f262f411b68bbb716a8883852f0be5607f89bc37b83ecc14989fb1cd9e0b1860bbdb0bb072a6194d3946e206c00003ae3ff72cda5111620

  • SSDEEP

    6144:GZw2TxWX/f48zO7gtwua+Japo5iCb8lseuxw/6YF1M:KFTxWYMh5qoLb8LCy9E

Malware Config

Extracted

Family

simda

Attributes

  • dga

Targets

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks