General

  • Target

    ed5de3a8a3b7f07cbb58ae3493a6791f_JaffaCakes118

  • Size

    268KB

  • Sample

    240920-l72xca1flj

  • MD5

    ed5de3a8a3b7f07cbb58ae3493a6791f

  • SHA1

    465e56b17189a916755acbb9ce032f0438381bee

  • SHA256

    66f1c2cfa0d7e1b0d0a4ec8c1aa9cab697250a074b898d17f0fbc1d15e25372e

  • SHA512

    fed4cca65edb54c19eefc30a29aa41c970d87ce336d14a09c549c3acda2c2c8085b62b39797e7d9953bb4721b4f072347cc0bae4ad2497003ee1b72e4562a798

  • SSDEEP

    6144:K5q4MjTknKcjwzfxOZ9TdIEHFJW4CBEcdCfY1xaiqfIpvN20VEbVDy:GATkKbbxI9CEHFJzCCsCfYWivpvN20T

Malware Config

Extracted

Family

simda

Attributes

  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Targets

    • Target

      ed5de3a8a3b7f07cbb58ae3493a6791f_JaffaCakes118

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks