Overview

overview

10

Static

static

3

JaffaCakes...3a.exe

windows7-x64

5

JaffaCakes...3a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6423cea1a599576d632e8eae732b6f793908c58a45019aeed428907020bc0a3a

  • Size

    732.7MB

  • Sample

    241221-wzxyjawkhl

  • MD5

    494ea28bf8243f9dc7b93fced9f4a388

  • SHA1

    cfa0518b4f82ee22525673d94b4bfc5df61ed59f

  • SHA256

    6423cea1a599576d632e8eae732b6f793908c58a45019aeed428907020bc0a3a

  • SHA512

    7ab25192306d19a8bac50b7c80bb4c46b8362d98032551c63b7e99bb9ef47fcdaf95d6c569524eb6e77d00a3dc71e18493b3534a43a9536a9fb35921e1319676

  • SSDEEP

    393216:OX520KzlIOxqMMB8PnXDU3T6XCkR0XCbivMNt:W8RJIkqlBQu6XCkRhbN

Score
10/10
raccoon540b1db0b12b23e63e6942952aa03e47discoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

540b1db0b12b23e63e6942952aa03e47

C2

http://37.220.87.66/

http://77.73.134.0/
Attributes
  • user_agent

    901785252112

xor.plain

Targets

    • Target

      JaffaCakes118_6423cea1a599576d632e8eae732b6f793908c58a45019aeed428907020bc0a3a

    • Size

      732.7MB

    • MD5

      494ea28bf8243f9dc7b93fced9f4a388

    • SHA1

      cfa0518b4f82ee22525673d94b4bfc5df61ed59f

    • SHA256

      6423cea1a599576d632e8eae732b6f793908c58a45019aeed428907020bc0a3a

    • SHA512

      7ab25192306d19a8bac50b7c80bb4c46b8362d98032551c63b7e99bb9ef47fcdaf95d6c569524eb6e77d00a3dc71e18493b3534a43a9536a9fb35921e1319676

    • SSDEEP

      393216:OX520KzlIOxqMMB8PnXDU3T6XCkR0XCbivMNt:W8RJIkqlBQu6XCkRhbN

    Score
    10/10
    discoveryraccoon540b1db0b12b23e63e6942952aa03e47stealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V2 payload

    • Raccoon family

      raccoon

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks