General
Target: JaffaCakes118_f2a14fa74eb7d5752ecd5b578720883c3f48909e2fa81aaff1dbafff610e3257
Size: 15.6MB
Sample: 241222-pftnfaxpas
MD5: d7268f23c90ec40e6f102f46bfdff29d
SHA1: e4980fa6e09d0fb84e9cf1350ed48d263fc87c59
SHA256: f2a14fa74eb7d5752ecd5b578720883c3f48909e2fa81aaff1dbafff610e3257
SHA512: f96009601c258c07c15039a5f7a45be63c5ad24d97416c38493b0a62c5ad43b273c16980b64da46db2cb029d9dedd5a2b80a15298ccedf43bf0f09889ecc8483
SSDEEP: 393216:4RlyUmUaUzoY8d+yfFnETpxV023XnQ817YRJ6lJW1F98z:AYwa92yNnA3Xd7S6Wf98z
Static task: static1
Behavioral task: behavioral1
  Sample: installer.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: installer.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
raccoon
f0f70bdf46d27a5d3e549f9105928f1a
http://87.120.37.15/
user_agent: mozzzzzzzzzzz
Targets
Target: installer.exe
Size: 735.1MB
MD5: f32cd33269e2eee752aa32c83b341d53
SHA1: 4d7f4cd9e38248b1cb68357150b81faaeacd5380
SHA256: f732e864793731491b83cccd4a8e33d45370bb391ae3fd60f38a039cebb29749
SHA512: 82bed41dd116031896ee02b5e2e8e89cfbdffc0bb647f58658c6fe274fe0b51ef2383cdb37091389c0b6d1e55682d64ebf70d6c612d7a651b7fe752b38817979
SSDEEP: 393216:J5ExzGut0SaJ0qBFFov/pHoATlPykh3k3BEV38N/B:Ha6Eq3FGTlJ3Mo8VB
Raccoon Stealer V2 payload
Raccoon family
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Suspicious use of NtSetInformationThreadHideFromDebugger