Overview

overview

10

Static

static

3

0429795a90...18.exe

windows7-x64

10

0429795a90...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22-06-2024 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0429795a90aa4a325ee875dccbcc1535_JaffaCakes118.exe

  • Size

    545KB

  • MD5

    0429795a90aa4a325ee875dccbcc1535

  • SHA1

    af2b5ccd4f508e8dab2d41242b52849f9dd127f8

  • SHA256

    a75911d7e23552cee42fa20516ff2ac2951a45dd7e8ce1782f8007f5d3dcb93c

  • SHA512

    6dfc41c15f7e5ea46d92a8882a694d037c897f188da773d81e4adb6af730ff32eb7d07a5cef85f1a18b60749c31fcce0a7dc05027cce204105e18143221d67a5

  • SSDEEP

    12288:5YHGjD2CU7QnpIyoImgvdo95FwV41DdjsehlXczxp6L:5hX2CU7kIV7ud+WGpdp3g36L

Score
10/10
raccoone672747afc67feb221ca60f8fc9e03adcf10f038stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

e672747afc67feb221ca60f8fc9e03adcf10f038

Attributes
  • url4cnc

    http://teletop.top/youyouhell0world

    http://teleta.top/youyouhell0world

    https://t.me/youyouhell0world

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0429795a90aa4a325ee875dccbcc1535_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0429795a90aa4a325ee875dccbcc1535_JaffaCakes118.exe"
    1⤵
      PID:2276

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2276-1-0x00000000005E0000-0x00000000006E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2276-2-0x0000000000220000-0x00000000002AE000-memory.dmp

      Filesize

      568KB

      Download

    • memory/2276-3-0x0000000000400000-0x0000000000490000-memory.dmp

      Filesize

      576KB

      Download

    • memory/2276-4-0x0000000000400000-0x0000000000495000-memory.dmp

      Filesize

      596KB

      Download

    • memory/2276-6-0x00000000005E0000-0x00000000006E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2276-7-0x0000000000220000-0x00000000002AE000-memory.dmp

      Filesize

      568KB

      Download