General

  • Target

    6d929b7f6b456a9b24d50dbbfd87624d_JaffaCakes118

  • Size

    3.1MB

  • Sample

    241023-hmxkcawgka

  • MD5

    6d929b7f6b456a9b24d50dbbfd87624d

  • SHA1

    824445eb19c92eaf624748c3c0fc6e77a7f617a6

  • SHA256

    e545bebf9e0380572b0d7440696cc1c4e687e4c100640f1693c223a91e71b9c5

  • SHA512

    3282d60fa41f0679408053d67e1204c5e9325d7958646ee2e0edc2d06e9bc61b60c51e7e34630eaae051eb6a0371ffa575dd7bc14e2432938285e8c42bb3c1a8

  • SSDEEP

    98304:ZC0zr0EE1XpTjfP8nkinI648yhPymUQ1Xu2HAOcBCkfp:jSEnlnIv8y8mR1Xkfp

Malware Config

Extracted

  • Family

    redline

  • Botnet

    WhiteMIX

  • C2

    185.215.113.62:51929

Extracted

  • Family

    redline

  • Botnet

    ww

  • C2

    boterov.com:12427

Extracted

  • Family

    raccoon

  • Version

    1.7.3

  • Botnet

    74bec5afbb1ce85c30df15e910825c3eaa274ac4

  • Attributes

      • url4cnc

        https://telete.in/berdyshop12

      • rc4.plain

      • rc4.plain

Extracted

  • Family

    redline

  • Botnet

    Venita_test_2k_05.08.21

  • C2

    yspasenana.xyz:80

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V1 payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
