General

  • Target

    ee3deab2febebefaa17f44d62be01a73_JaffaCakes118

  • Size

    287KB

  • Sample

    240920-xrmchasfnb

  • MD5

    ee3deab2febebefaa17f44d62be01a73

  • SHA1

    afbe1c3df6681d1640c8d3f3602a18fa8ef835a3

  • SHA256

    7320d0b58be885edfe5ac8b12b8ec8a30d764fdd1a96ba86959dbc947e31ac89

  • SHA512

    aef2b98c05a3eef47a05154c23f6d14ebb952cf73c7bb1214245b05325f3485091b3fe18e8c65b542d2bdfee6031464fc2b2dd4c9567589700c517f902a027db

  • SSDEEP

    6144:N84R+/nBQojUb4LoaXqMKVjNY4GuKcxwMwulQMEAj+:ShBQ6n/SVqxcxwDunE3

Malware Config

Extracted

Family: simda

Attributes
  • dga (domain generation algorithm; extracted domains listed below)

    cihunemyror.eu
    digivehusyd.eu
    vofozymufok.eu
    fodakyhijyv.eu
    nopegymozow.eu
    gatedyhavyd.eu
    marytymenok.eu
    jewuqyjywyv.eu
    qeqinuqypoq.eu
    kemocujufys.eu
    rynazuqihoj.eu
    lyvejujolec.eu
    tucyguqaciq.eu
    xuxusujenes.eu
    puzutuqeqij.eu
    ciliqikytec.eu
    dikoniwudim.eu
    vojacikigep.eu
    fogeliwokih.eu
    nofyjikoxex.eu
    gadufiwabim.eu
    masisokemep.eu
    jepororyrih.eu
    qetoqolusex.eu
    keraborigin.eu
    ryqecolijet.eu
    lymylorozig.eu
    tunujolavez.eu
    xubifaremin.eu
    puvopalywet.eu

Targets

    • Target

      ee3deab2febebefaa17f44d62be01a73_JaffaCakes118

    • Size

      287KB

    • MD5

      ee3deab2febebefaa17f44d62be01a73

    • SHA1

      afbe1c3df6681d1640c8d3f3602a18fa8ef835a3

    • SHA256

      7320d0b58be885edfe5ac8b12b8ec8a30d764fdd1a96ba86959dbc947e31ac89

    • SHA512

      aef2b98c05a3eef47a05154c23f6d14ebb952cf73c7bb1214245b05325f3485091b3fe18e8c65b542d2bdfee6031464fc2b2dd4c9567589700c517f902a027db

    • SSDEEP

      6144:N84R+/nBQojUb4LoaXqMKVjNY4GuKcxwMwulQMEAj+:ShBQ6n/SVqxcxwDunE3

    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies WinLogon

MITRE ATT&CK Enterprise v15

Tasks