General

  • Target

    ee594e648defc9bc281212da8ec6c5c9_JaffaCakes118

  • Size

    262KB

  • Sample

    240920-y1x12awbkd

  • MD5

    ee594e648defc9bc281212da8ec6c5c9

  • SHA1

    4700202ab76af9c2718bdd4bc36bff12bb6263cc

  • SHA256

    a8cc1465d40b748056fb7ea2f79b8f9df39715f0a1e0073027ad666e580f29ae

  • SHA512

    9e2e6d7c9953a2287dda15d431a373cf5112673d8063454ed0f670744c0b5b427c5236786a97a53ac9e37b86479801a2b94a0a2de72b56ae174240442b49b46b

  • SSDEEP

    6144:Gwf1c+G/3K/IkaKqCcVgdWBDcY+/OGExrrQ:GQmh/a/IhOcydMR+/OG6rQ

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu
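The 30 domains above are the DGA set extracted from this sample's configuration, which is what a defender can act on directly. The following Python is an added example (not part of the sandbox report and not Simda's own generator): it turns the list into an exact-match lookup, scans a few constructed DNS log lines for hits, and emits Suricata `dns.query` rules for the same set. The log lines and the host addresses in them are made up for the example. It also includes a heuristic derived only from inspecting these 30 names (each label is 11 lowercase letters alternating consonant/vowel, with `y` as a vowel, under `.eu`); that is an observation about this extracted list, not a claim about the family's algorithm, and it will also match unrelated pronounceable names, so treat "pattern" verdicts as triage leads rather than detections.

```python
import re
from collections import Counter

# DGA domains as extracted from the sample's configuration (copied from the report).
SIMDA_DGA_DOMAINS = frozenset("""
cihunemyror.eu digivehusyd.eu vofozymufok.eu fodakyhijyv.eu nopegymozow.eu
gatedyhavyd.eu marytymenok.eu jewuqyjywyv.eu qeqinuqypoq.eu kemocujufys.eu
rynazuqihoj.eu lyvejujolec.eu tucyguqaciq.eu xuxusujenes.eu puzutuqeqij.eu
ciliqikytec.eu dikoniwudim.eu vojacikigep.eu fogeliwokih.eu nofyjikoxex.eu
gadufiwabim.eu masisokemep.eu jepororyrih.eu qetoqolusex.eu keraborigin.eu
ryqecolijet.eu lymylorozig.eu tunujolavez.eu xubifaremin.eu puvopalywet.eu
""".split())

# Heuristic observed on the 30 extracted names only: 11 lowercase letters, strictly
# alternating consonant/vowel (y treated as a vowel), i.e. five CV pairs plus a final
# consonant. This is NOT a reimplementation of the malware's generator; it is a
# triage hint that can also fire on benign pronounceable names.
_ALT_CV = re.compile(r"^(?:[bcdfghjklmnpqrstvwxz][aeiouy]){5}[bcdfghjklmnpqrstvwxz]$")

# Constructed DNS log for the example: "<timestamp> <client> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2024-09-20T10:01:02Z 10.0.0.15 www.microsoft.com A
2024-09-20T10:01:07Z 10.0.0.15 cihunemyror.eu. A
2024-09-20T10:01:07Z 10.0.0.15 DIGIVEHUSYD.EU A
2024-09-20T10:01:09Z 10.0.0.15 xaxurytomuq.eu A
2024-09-20T10:01:11Z 10.0.0.22 example.eu A
""".splitlines()


def normalize(qname: str) -> str:
    """Lower-case a DNS name and strip the trailing root dot so lookups are exact."""
    return qname.strip().lower().rstrip(".")


def looks_like_sample_pattern(domain: str) -> bool:
    """True if the name has the shape shared by the 30 extracted domains."""
    label, sep, tld = normalize(domain).rpartition(".")
    return sep == "." and tld == "eu" and bool(_ALT_CV.match(label))


def classify(qname: str) -> str:
    """'known' = in the extracted config, 'pattern' = same shape only, else 'benign'."""
    d = normalize(qname)
    if d in SIMDA_DGA_DOMAINS:
        return "known"
    if looks_like_sample_pattern(d):
        return "pattern"
    return "benign"


def scan_dns_log(lines):
    """Return (client, normalized query, verdict) for every non-benign line."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed or empty line; skip rather than crash on real logs
        client, query = parts[1], parts[2]
        verdict = classify(query)
        if verdict != "benign":
            hits.append((client, normalize(query), verdict))
    return hits


def hits_per_client(hits):
    """Count matches per source host; many lookups from one host is the DGA signal."""
    return Counter(client for client, _, _ in hits)


def suricata_rules(domains, sid_base=9000001):
    """One Suricata DNS rule per domain. Substring match on the query buffer, so
    lookups for subdomains of a listed name also alert. sid_base is an arbitrary
    private-range starting SID chosen for this example."""
    rules = []
    for i, d in enumerate(sorted(domains)):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"Simda DGA domain lookup {d}"; '
            f'dns.query; content:"{d}"; nocase; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for client, q, verdict in found:
        print(f"{client}\t{q}\t{verdict}")
    print(dict(hits_per_client(found)))
    print("\n".join(suricata_rules(SIMDA_DGA_DOMAINS)[:3]))
```

Exact matches against the extracted set are the high-confidence signal; the shape heuristic is there to surface sibling lookups the sandbox did not capture, and should be confirmed by other evidence before anyone blocks on it.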

Targets


    • Modifies WinLogon for persistence

    • simda

      Simda is an infostealer written in C++.

    • Adds Run key to start application

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services. For a sample with a DGA configuration like the one extracted above, it can also reflect the bot resolving and attempting to contact many generated domains.

    • Modifies WinLogon
