General

  • Target

    ecbbcfa07d78c21c0ce59f050f89c4b3_JaffaCakes118

  • Size

    264KB

  • Sample

    240920-drg81awajf

  • MD5

    ecbbcfa07d78c21c0ce59f050f89c4b3

  • SHA1

    0013f71c037c07d859cdd8a442cb026f7a511421

  • SHA256

    bf8b82dbb5437b05f3a0bfc74be8c3adaa587eb127f27983c6e448b950aa924f

  • SHA512

    8c576411e2ac88d626218f7b9eef619612051417ef5c61b86e11c92c871a87fbf289d8ed6c8168e813633abbf0243ddbc326287ce3e8285916857e3183cb026c

  • SSDEEP

    6144:VzpIT9mZ7acEGhFpwTMhxYlNqqogDkbO/SkF/a/0uFR/6q79:hwc7a4hooxDAkbOaMa/0o/z9

Malware Config

Extracted

Family

simda

Attributes

  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Targets

    • Target

      ecbbcfa07d78c21c0ce59f050f89c4b3_JaffaCakes118

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15