Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-04-2024 09:44

General

  • Target

    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe

  • Size

    462KB

  • MD5

    ed20a01ec2d93943bd0664fafb76daa6

  • SHA1

    4736f0170c32b4757e062eb6b1d47d46c7d5ab29

  • SHA256

    5bc02ebc009910c9625991d64f2170d0c1ddd2b403d34674e3b48e8fd0f22242

  • SHA512

    b22360f22bb48529b2b986f7ef37eb9d1cdb42eaaea7fa44b93fc48a0f2b02ee4d4029d1d0e80867ce0a8d8a322f9c463182910c83cc36d4b53fb2c50c470ccf

  • SSDEEP

    12288:+kRfdSeBVKuvlfIGLUzA9iP+ngOu4sl4OxCDi:PfnKu9fIGYzA4PyXOAi

Score
10/10

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload 3 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe"
    • Modifies system certificate store
    PID:1996

Network

  • flag-us
    DNS
    telete.in
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    185.53.177.54
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:13 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:18 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:23 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:28 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:33 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:38 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:43 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:48 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:54 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:44:59 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:04 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:09 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:14 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:19 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:24 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:29 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:34 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:39 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:44 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:49 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:54 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:45:59 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:04 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:09 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:15 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:20 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:25 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:30 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:35 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • flag-de
    GET
    https://telete.in/jagressor_kz
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request
    GET /jagressor_kz HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response
    HTTP/1.1 410 Gone
    Date: Thu, 11 Apr 2024 09:46:40 GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
  • 185.53.177.54:443
    https://telete.in/jagressor_kz
    tls, http
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    8.6kB
    11.6kB
    67
    44

    HTTP Request

    GET https://telete.in/jagressor_kz

    HTTP Response

    410

  • 8.8.8.8:53
    telete.in
    dns
    ed20a01ec2d93943bd0664fafb76daa6_JaffaCakes118.exe
    55 B
    71 B
    1
    1

    DNS Request

    telete.in

    DNS Response

    185.53.177.54

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1996-1-0x0000000002E70000-0x0000000002F70000-memory.dmp

    Filesize

    1024KB

  • memory/1996-2-0x0000000000220000-0x00000000002B1000-memory.dmp

    Filesize

    580KB

  • memory/1996-3-0x0000000000400000-0x0000000002D01000-memory.dmp

    Filesize

    41.0MB

  • memory/1996-5-0x0000000002E70000-0x0000000002F70000-memory.dmp

    Filesize

    1024KB

  • memory/1996-7-0x0000000000220000-0x00000000002B1000-memory.dmp

    Filesize

    580KB
