Malware Analysis Report

2024-10-23 21:53

Sample ID 240401-x9afnaea43
Target 787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118
SHA256 942353c71456ab1a0448ae9ea161cdb10cf85770e577d39c2f660193bc3efe9b
Tags
raccoon stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

942353c71456ab1a0448ae9ea161cdb10cf85770e577d39c2f660193bc3efe9b

Threat Level: Known bad

The file 787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

raccoon stealer

Raccoon

Raccoon Stealer V1 payload

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-04-01 19:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-01 19:32

Reported

2024-04-01 19:35

Platform

win7-20231129-en

Max time kernel

141s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"

Signatures

Raccoon

stealer raccoon

Raccoon Stealer V1 payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 tgmirror.top udp

Files

memory/1872-1-0x0000000002E60000-0x0000000002F60000-memory.dmp

memory/1872-2-0x00000000002A0000-0x000000000032E000-memory.dmp

memory/1872-3-0x0000000000400000-0x0000000002DE5000-memory.dmp

memory/1872-6-0x0000000002E60000-0x0000000002F60000-memory.dmp

memory/1872-7-0x00000000002A0000-0x000000000032E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-01 19:32

Reported

2024-04-01 19:35

Platform

win10v2004-20240319-en

Max time kernel

148s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"

Signatures

Raccoon

stealer raccoon

Raccoon Stealer V1 payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3628 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 27.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
GB 13.105.221.16:443 tcp
US 8.8.8.8:53 234.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 48.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 179.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 telemirror.top udp
US 8.8.8.8:53 tgmirror.top udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 tgmirror.top udp
US 8.8.8.8:53 tgmirror.top udp
US 8.8.8.8:53 tgmirror.top udp
US 8.8.8.8:53 tgmirror.top udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

memory/2452-1-0x0000000002E10000-0x0000000002F10000-memory.dmp

memory/2452-2-0x0000000004B40000-0x0000000004BCE000-memory.dmp

memory/2452-3-0x0000000000400000-0x0000000002DE5000-memory.dmp

memory/2452-4-0x0000000000400000-0x0000000002DE5000-memory.dmp

memory/2452-6-0x0000000002E10000-0x0000000002F10000-memory.dmp

memory/2452-7-0x0000000004B40000-0x0000000004BCE000-memory.dmp