Overview

overview

10

Static

static

3

ef69bb25a1...18.exe

windows7-x64

10

ef69bb25a1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-04-2024 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef69bb25a1ab3df0bea89536f4f740e5_JaffaCakes118.exe

  • Size

    584KB

  • MD5

    ef69bb25a1ab3df0bea89536f4f740e5

  • SHA1

    670f5d925f2a5e0dbb011356a0aeb01c344bfb60

  • SHA256

    74ce135948ae4d7c53c90befa412fad2e458fffd74df281d2f3525745a025a18

  • SHA512

    be2c0fe8a0867300e7db7aabceee2cd17ef1affb760bfd79fd851e11e64ec993ee39dc35e6c82933b2c5d8cfe54d86d7fd0a9ba1314a020716dbe64a032faffe

  • SSDEEP

    12288:z9IRhhmUtFVs9ThpscV89AjbHBaNeXIuG/QVu0WFOkB:z6GUtFVs9589AjbgNKIuW/0WME

Score
10/10
raccoon92ebab08c5ac751002e0940e7383d528246b9dccstealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

92ebab08c5ac751002e0940e7383d528246b9dcc

Attributes
  • url4cnc

    https://t.me/open3entershift

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef69bb25a1ab3df0bea89536f4f740e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ef69bb25a1ab3df0bea89536f4f740e5_JaffaCakes118.exe"
    1⤵
      PID:2016

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2016-1-0x00000000002D0000-0x00000000003D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2016-2-0x0000000000520000-0x00000000005B3000-memory.dmp

      Filesize

      588KB

      Download

    • memory/2016-3-0x0000000000400000-0x00000000004AD000-memory.dmp

      Filesize

      692KB

      Download

    • memory/2016-4-0x0000000000400000-0x00000000004AD000-memory.dmp

      Filesize

      692KB

      Download

    • memory/2016-6-0x00000000002D0000-0x00000000003D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2016-7-0x0000000000520000-0x00000000005B3000-memory.dmp

      Filesize

      588KB

      Download