General

  • Target

    JaffaCakes118_3028b2eb6d0aeb8a13291c7fa799ba8c39a9fa0c5af0abb56b34c903cb64741e

  • Size

    727.2MB

  • Sample

    241222-kng76a1pas

  • MD5

    500f99c4b067fe00c0abe21a92e755fe

  • SHA1

    f5fea700fb2962e39afd5d709308d5a0ce2d3b82

  • SHA256

    3028b2eb6d0aeb8a13291c7fa799ba8c39a9fa0c5af0abb56b34c903cb64741e

  • SHA512

    8def4c0b4f3737f764a4c9b3e82f5470b6c9fd3739a896b662fe969bdc1b1b772dacb0bb2f47d43a7ab0e49806e12c2f845fe42e25f56fa9e03269893662c45d

  • SSDEEP

    98304:eljPlq3JIvhwmpT6KCtB4ptE4kBCbJVr0uhK130g+XAFNAtN51pJxGmyo:elDloJIZwmd6KnjHr0cK1rLqN/pjGmyo

Malware Config

Extracted

Family

raccoon

Botnet

26a95afbb6bac0ccd2506a74d8cdbccd

C2

http://51.195.166.175/

Attributes

  • user_agent

    mozzzzzzzzzzz

rc4.plain

Targets

    • Target

      JaffaCakes118_3028b2eb6d0aeb8a13291c7fa799ba8c39a9fa0c5af0abb56b34c903cb64741e

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks