General

  • Target

    ed2fcd628417dd97ef1078e45b53e0f3_JaffaCakes118

  • Size

    266KB

  • Sample

    240920-j7j1eswhph

  • MD5

    ed2fcd628417dd97ef1078e45b53e0f3

  • SHA1

    1e70407859fcbc28a70222e8a9dab4ee2bd076a2

  • SHA256

    af2045b3857aaffca1473a4924d75211ac7e1a17ee4b3f176a71badbbb422b67

  • SHA512

    f7700983b0f4f82d83ef8042d99831ee0abd1b30d9a72ffcda0374b77136e9fda340051adcff258177247eabbbfa151f435dfa1f32f454cec3c4103db39550f1

  • SSDEEP

    3072:zW/1lqNqAoPJl+Q7fFOPLfie9rHbK5pWsl8bnDZNnZRfs6pCWtKU7xTVKpfo5Utn:WrDPSgFCqiXIQ28bDr5trKpfo5aoo

Malware Config

Extracted

  • Family

    simda

  • Attributes

    • dga


Targets


    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks