Overview

overview

10

Static

static

3

28477db32b...18.exe

windows7-x64

10

28477db32b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 01:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe

  • Size

    562KB

  • MD5

    28477db32ba7f651b5319037a6900bf9

  • SHA1

    17e89351ac8e24b82eea8ae9f6538714b0d014a1

  • SHA256

    0a122a9c5b9ca7f66424aa64cdb7dc9c5d4093583e9afb89a26c6dd0f6587ea3

  • SHA512

    707834add5fb39c8a9e3091e8ef867381729b11d8a48bcbd65c0e9ffa355ee33db222f37d2de539981da83b1c76b57a214663d039d14fdf5127797ff21630393

  • SSDEEP

    12288:8Jg/7N47X+Ijsg84HFT18Q4/fhhBP6VXW6T2zcDd4q4e462:d7N4jh6bbByVRTL4FNb

Score
10/10
raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198discoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes
  • url4cnc

    https://telete.in/opa4kiprivatem

rc4.plain
1
$Z2s`ten\@bE9vzR
rc4.plain
1
35aa39e14baeee2e915154e8ea069ba3

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1192

Network

  • flag-us
    DNS
    telete.in
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    199.59.243.227
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    343 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    432 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 8.8.8.8:53
    telete.in
    dns
    28477db32ba7f651b5319037a6900bf9_JaffaCakes118.exe
    55 B
     71 B
     1
    1

    DNS Request

    telete.in

    DNS Response

    199.59.243.227

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1192-1-0x0000000000A60000-0x0000000000B60000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1192-2-0x0000000000340000-0x00000000003CF000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1192-3-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1192-4-0x0000000000A60000-0x0000000000B60000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1192-5-0x0000000000340000-0x00000000003CF000-memory.dmp

    Filesize

    572KB

    Download

  • memory/1192-7-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1192-6-0x0000000000400000-0x0000000000943000-memory.dmp

    Filesize

    5.3MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.