General

  • Target: f6d529d95d9fad7a41ebb5f9d29f1685320e74034f46b6a150afbddcf00374c6N
  • Size: 247KB
  • Sample: 240920-hznszavcpn
  • MD5: e7a99eb556be9228beb1ee5588d28110
  • SHA1: da1357993bcab5924a93f7acd62284bc37aebd62
  • SHA256: f6d529d95d9fad7a41ebb5f9d29f1685320e74034f46b6a150afbddcf00374c6
  • SHA512: 4eca708385022a5d647cb2b5aca3cf344761e363cbd514c4336c4be3b801c4d090698cca93d484c9e82d267fb3b499a9943773a7dfe3f70444f06a0ed6f9ccd1
  • SSDEEP: 3072:9tQ40hPealM03lCj92AAy1EOHL3nb/EimqZp6iJylQhIrXymOAKOlheHe4fkxx:9SCj9hAmvXb//mqZLQlQurXFKOlE++6

Malware Config

Extracted

Family

simda

Attributes
  • dga


Targets


    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15
