General

  • Target

    ecf2beae8ce6b692a45d50ac07500798_JaffaCakes118

  • Size

    266KB

  • Sample

    240920-ger48a1hrp

  • MD5

    ecf2beae8ce6b692a45d50ac07500798

  • SHA1

    cb61540057a55a5f778ed9550a191fef2cd842e9

  • SHA256

    069d8d5c66c3d03170cf896255f1674b4a7d7ff5f3e16a155584d8494b9271c4

  • SHA512

    386c877d6b20c9c9a15569568cbad58d104c4a1b4d312d5b589efa48a6f82b4f82749573a6e1a1934e5115539f4535a420deab8314d83cefc5996011690d0b71

  • SSDEEP

    3072:EW/1lqNqAoPJl+Q7fFOPLfie9rHbK5pWsl8bnDZNnZRfs6pCWtKU7xTVKpfo5Utn:TrDPSgFCqiXIQ28bDr5trKpfo5aoo

Malware Config

Extracted

Family

simda

Attributes

  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Targets

    • Target

      ecf2beae8ce6b692a45d50ac07500798_JaffaCakes118

    • Size

      266KB

    • MD5

      ecf2beae8ce6b692a45d50ac07500798

    • SHA1

      cb61540057a55a5f778ed9550a191fef2cd842e9

    • SHA256

      069d8d5c66c3d03170cf896255f1674b4a7d7ff5f3e16a155584d8494b9271c4

    • SHA512

      386c877d6b20c9c9a15569568cbad58d104c4a1b4d312d5b589efa48a6f82b4f82749573a6e1a1934e5115539f4535a420deab8314d83cefc5996011690d0b71

    • SSDEEP

      3072:EW/1lqNqAoPJl+Q7fFOPLfie9rHbK5pWsl8bnDZNnZRfs6pCWtKU7xTVKpfo5Utn:TrDPSgFCqiXIQ28bDr5trKpfo5aoo

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks