Overview

overview

10

Static

static

3

11d64f8be1...18.exe

windows7-x64

10

11d64f8be1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-06-2024 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11d64f8be11727a5198e2a98606b1fd2_JaffaCakes118.exe

  • Size

    395KB

  • MD5

    11d64f8be11727a5198e2a98606b1fd2

  • SHA1

    c89ebfd399394ec5864dcd38ade11e32a54e503a

  • SHA256

    28cc6e8f57a802d30dedab82720d3b4bdc903160faba9f658ce6f69578b9c6cb

  • SHA512

    4738d7d30267b8f55d782b49d3a0aac8cf67baff52c79837a2e59c4410c9efc02e1196c427b6351379a371a9b64d084a9dfafbd2a68663ff7c10bb935ca3c0f5

  • SSDEEP

    12288:w+wwzQAsiQhLxG2xAK0q5QprDldEo4u0:wHmQ/iQhLrtggC0

Score
10/10
raccoon9ba64f4b6fe448911470a88f09d6e7d5b92ff0abstealer

Malware Config

Extracted

Family

raccoon

Version

1.7.2

Botnet

9ba64f4b6fe448911470a88f09d6e7d5b92ff0ab

Attributes
  • url4cnc

    https://telete.in/jagressor_kz

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11d64f8be11727a5198e2a98606b1fd2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\11d64f8be11727a5198e2a98606b1fd2_JaffaCakes118.exe"
    1⤵
      PID:4992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4992-1-0x0000000000610000-0x0000000000710000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4992-2-0x00000000009E0000-0x0000000000A72000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4992-3-0x0000000000400000-0x0000000000494000-memory.dmp

      Filesize

      592KB

      Download

    • memory/4992-4-0x0000000000400000-0x000000000050E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4992-6-0x0000000000610000-0x0000000000710000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4992-7-0x00000000009E0000-0x0000000000A72000-memory.dmp

      Filesize

      584KB

      Download