Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-04-2024 00:57

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: eec17d7948e06d67503dea34259145f2_JaffaCakes118.exe
  Resource: win7-20240221-en
  3 signatures, 150 seconds
General

Target: eec17d7948e06d67503dea34259145f2_JaffaCakes118.exe
Size: 468KB
MD5: eec17d7948e06d67503dea34259145f2
SHA1: ce3ff6d3b66de29f2568daca2e43d01b70cc1f00
SHA256: d339a24a1fd6245cefc38b24ce8ff753a1dc20bc6d213bf38bb8703a7c527042
SHA512: 92c6106e63dce226120760c74dbdac308ff9a3ff2bd4273f4ee3e805b85b3980fb4992565680b86e6258bd056c7d3e3464a2fea5d4ef86d72ef3fb7c89b6cc5e
SSDEEP: 12288:47cdIY0t2Imo15ZNJqemMV+TFnYmARlA:47GIY0t5mo1FJs/JnY
Malware Config

Signatures

Raccoon Stealer V1 payload (3 IoCs)
  resource: yara_rule
  behavioral2/memory/4196-2-0x0000000004A80000-0x0000000004B13000-memory.dmp  family_raccoon_v1
  behavioral2/memory/4196-3-0x0000000000400000-0x0000000002CAC000-memory.dmp  family_raccoon_v1
  behavioral2/memory/4196-6-0x0000000004A80000-0x0000000004B13000-memory.dmp  family_raccoon_v1
Processes
Network

DNS (resolver 8.8.8.8:53)
  PTR 217.106.137.52.in-addr.arpa  -> (no answer)
  PTR 249.197.17.2.in-addr.arpa    -> a2-17-197-249.deploy.static.akamaitechnologies.com
  A   telete.in                    -> 185.53.177.54

HTTP to 185.53.177.54:443 (the same exchange repeated 11 times on the first connection)
  Request:
    GET /jdiamond13 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
  Response:
    HTTP/1.1 410 Gone
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8

DNS (resolver 8.8.8.8:53)
  PTR 54.177.53.185.in-addr.arpa   -> (no answer)
  PTR 104.219.191.52.in-addr.arpa  -> (no answer)
  PTR 50.23.12.20.in-addr.arpa     -> (no answer)
  PTR 56.126.166.20.in-addr.arpa   -> (no answer)
  PTR 121.118.77.104.in-addr.arpa  -> a104-77-118-121.deploy.static.akamaitechnologies.com

HTTP to 185.53.177.54:443 (the identical GET /jdiamond13 request and 410 Gone response repeated 19 more times on a second connection)

DNS (resolver 8.8.8.8:53)
  PTR 172.210.232.199.in-addr.arpa -> (no answer)
  PTR 43.229.111.52.in-addr.arpa   -> (no answer)
Connections

Remote address     URL                           Protocols  Process                                             Sent   Received  Pkts sent  Pkts received
185.53.177.54:443  https://telete.in/jdiamond13  tls, http  eec17d7948e06d67503dea34259145f2_JaffaCakes118.exe  3.9kB  6.6kB     31         22
  11 x HTTP Request GET https://telete.in/jdiamond13 -> HTTP Response 410
185.53.177.54:443  https://telete.in/jdiamond13  tls, http  eec17d7948e06d67503dea34259145f2_JaffaCakes118.exe  6.0kB  8.2kB     44         27
  19 x HTTP Request GET https://telete.in/jdiamond13 -> HTTP Response 410
DNS traffic

DNS Request                   DNS Response   Sent  Received  Pkts sent  Pkts received
217.106.137.52.in-addr.arpa   -              73 B  147 B     1          1
249.197.17.2.in-addr.arpa     -              71 B  135 B     1          1
telete.in                     185.53.177.54  55 B  71 B      1          1
54.177.53.185.in-addr.arpa    -              72 B  150 B     1          1
104.219.191.52.in-addr.arpa   -              73 B  147 B     1          1
50.23.12.20.in-addr.arpa      -              70 B  156 B     1          1
56.126.166.20.in-addr.arpa    -              72 B  158 B     1          1
121.118.77.104.in-addr.arpa   -              73 B  139 B     1          1
172.210.232.199.in-addr.arpa  -              74 B  128 B     1          1
43.229.111.52.in-addr.arpa    -              72 B  158 B     1          1