General
-
Target
e5f1ff0079899d0074b78e701e7ec8fe_JaffaCakes118
-
Size
3.2MB
-
Sample
240917-ds7kaasbrr
-
MD5
e5f1ff0079899d0074b78e701e7ec8fe
-
SHA1
e9857d834d20f5909ea4a88ed58eb2bd0eceaa8b
-
SHA256
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
SHA512
c980906d9ff1ea9229e50d000e99bea1e4ced00c17e3aa632d904334cd2f6ee05e89ad9d02b6782fc7b056139e382a9c986c7528632122ab347d5d488aeec5c4
-
SSDEEP
98304:M3xkNXKAFYuvue5EFyTPWjEKOC3v5msc6h0bphg7:IxoaEvue5EYjWQU3Rmsc40bpC
Malware Config
Targets
-
-
Target
e5f1ff0079899d0074b78e701e7ec8fe_JaffaCakes118
-
Size
3.2MB
-
MD5
e5f1ff0079899d0074b78e701e7ec8fe
-
SHA1
e9857d834d20f5909ea4a88ed58eb2bd0eceaa8b
-
SHA256
c6ad97890dc966035ef6555016dd28e424472288c972d7c98a273951a33cb18b
-
SHA512
c980906d9ff1ea9229e50d000e99bea1e4ced00c17e3aa632d904334cd2f6ee05e89ad9d02b6782fc7b056139e382a9c986c7528632122ab347d5d488aeec5c4
-
SSDEEP
98304:M3xkNXKAFYuvue5EFyTPWjEKOC3v5msc6h0bphg7:IxoaEvue5EYjWQU3Rmsc40bpC
Score10/10-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Raccoon Stealer V1 payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2