Overview

overview

10

Static

static

7

05ce277319...18.exe

windows7-x64

10

05ce277319...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05ce277319746f5e74fe432aa57606c6_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240623-kzg2jawhje

  • MD5

    05ce277319746f5e74fe432aa57606c6

  • SHA1

    4dd81c2f5cbb7e3d5bd75163505690393f408834

  • SHA256

    284bfc3d8f3e1527ff42558e208ea3289efc0d154bf8a38e6c040886ecb11941

  • SHA512

    218ee42251bb5120d28083d409e33efcfe2e0489876a9ff5100e8eddf272ec7b15591238e1290114b942d7c04be3029886a786e29edb18f7212e7ee8d300b1be

  • SSDEEP

    49152:ILQw+/FrExuIk9CZUz1VKncQpwUsqXpZZkjsb:7LtYxuIYCQvkXpDkjsb

Score
10/10
raccoonevasionstealerthemidatrojan

Malware Config

Targets

    • Target

      05ce277319746f5e74fe432aa57606c6_JaffaCakes118

    • Size

      1.8MB

    • MD5

      05ce277319746f5e74fe432aa57606c6

    • SHA1

      4dd81c2f5cbb7e3d5bd75163505690393f408834

    • SHA256

      284bfc3d8f3e1527ff42558e208ea3289efc0d154bf8a38e6c040886ecb11941

    • SHA512

      218ee42251bb5120d28083d409e33efcfe2e0489876a9ff5100e8eddf272ec7b15591238e1290114b942d7c04be3029886a786e29edb18f7212e7ee8d300b1be

    • SSDEEP

      49152:ILQw+/FrExuIk9CZUz1VKncQpwUsqXpZZkjsb:7LtYxuIYCQvkXpDkjsb

    Score
    10/10
    raccoonevasionstealerthemidatrojan

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V1 payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks