Analysis Overview
SHA256
afa506dea7e88d3aa2ff4c2f58a21a91cf5d6ae5a00dea2cf482832d1613e37b
Threat Level: Known bad
The file a7590868a85203e4873bc995240bb4b3_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Raccoon
Raccoon Stealer V1 payload
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-04-03 21:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 21:39
Reported: 2024-04-03 21:41
Platform: win7-20231129-en
Max time kernel: 142s
Max time network: 120s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a7590868a85203e4873bc995240bb4b3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a7590868a85203e4873bc995240bb4b3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
Files
memory/2736-2-0x0000000000300000-0x000000000038E000-memory.dmp
memory/2736-1-0x00000000017D0000-0x00000000018D0000-memory.dmp
memory/2736-3-0x0000000000400000-0x00000000016FF000-memory.dmp
memory/2736-4-0x0000000000400000-0x00000000016FF000-memory.dmp
memory/2736-5-0x00000000017D0000-0x00000000018D0000-memory.dmp
memory/2736-15-0x0000000000400000-0x00000000016FF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 21:39
Reported: 2024-04-03 21:41
Platform: win10v2004-20240226-en
Max time kernel: 147s
Max time network: 155s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a7590868a85203e4873bc995240bb4b3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a7590868a85203e4873bc995240bb4b3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | 99.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.137.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
memory/2416-1-0x0000000001A10000-0x0000000001B10000-memory.dmp
memory/2416-2-0x00000000033B0000-0x000000000343E000-memory.dmp
memory/2416-3-0x0000000000400000-0x00000000016FF000-memory.dmp
memory/2416-4-0x0000000000400000-0x00000000016FF000-memory.dmp
memory/2416-5-0x0000000001A10000-0x0000000001B10000-memory.dmp
memory/2416-7-0x00000000033B0000-0x000000000343E000-memory.dmp
memory/2416-13-0x0000000000400000-0x00000000016FF000-memory.dmp