General

  • Target

    ecf3ae1a07d077242846501734e922aa_JaffaCakes118

  • Size

    257KB

  • Sample

    240920-gfsgda1epf

  • MD5

    ecf3ae1a07d077242846501734e922aa

  • SHA1

    40c917eb6a41aaca3cd13e4c942f83226d5eef9b

  • SHA256

    939dc22b6ea7867175805d06a9c64b031d380e4d2b96989c60524c3c7602150d

  • SHA512

    99ba357b541d48da4a373dc08caf057a3b3060aa3df1235fc9588887040583583caa01d815273a4d1f455452463252a5ca9a048080184a6c6274ab2563a40290

  • SSDEEP

    3072:KicFgFSqXNa0s3o2MV2SwcfjUGkmj1AWFhGIhtrJG+2ozcQU8gh1yhw7yds5VLGM:XXNNSo2EscAxmpDGIhtrTpUpH15WJS3

Malware Config

Extracted

Family

simda

Attributes
  • dga

Targets

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks