Overview

overview

10

Static

static

3

JaffaCakes...b1.exe

windows7-x64

10

JaffaCakes...b1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_00b12507c3266f5a1fe2a83de1df2b8b285bd6b065dcc92e0df8452332d899b1

  • Size

    700.0MB

  • Sample

    241222-x6rwjawpcs

  • MD5

    ce4e114b684bfc936696420740a2802f

  • SHA1

    e9c4ec97e153cfda647e29bc371a5c11373197c0

  • SHA256

    00b12507c3266f5a1fe2a83de1df2b8b285bd6b065dcc92e0df8452332d899b1

  • SHA512

    6717397ff707fcd7aa5ee9ef310b990c1c4a2109103a767313ad1be8e402ffacba5113983f4e8923a40d08a5e50541dde060defcc69b935aec4eb8c8459f7f9d

  • SSDEEP

    12288:j3pNcDWM2f9HW/ysKMN3x//NNdGT7jSk7Wq20A3k3kxChx4m:j3p28pLhYM3kxChx4m

Score
10/10
raccoon35ccc1fca72616c3518725fe1674cf6ediscoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

35ccc1fca72616c3518725fe1674cf6e

C2

http://102.130.115.199

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Targets

    • Target

      JaffaCakes118_00b12507c3266f5a1fe2a83de1df2b8b285bd6b065dcc92e0df8452332d899b1

    • Size

      700.0MB

    • MD5

      ce4e114b684bfc936696420740a2802f

    • SHA1

      e9c4ec97e153cfda647e29bc371a5c11373197c0

    • SHA256

      00b12507c3266f5a1fe2a83de1df2b8b285bd6b065dcc92e0df8452332d899b1

    • SHA512

      6717397ff707fcd7aa5ee9ef310b990c1c4a2109103a767313ad1be8e402ffacba5113983f4e8923a40d08a5e50541dde060defcc69b935aec4eb8c8459f7f9d

    • SSDEEP

      12288:j3pNcDWM2f9HW/ysKMN3x//NNdGT7jSk7Wq20A3k3kxChx4m:j3p28pLhYM3kxChx4m

    Score
    10/10
    raccoon35ccc1fca72616c3518725fe1674cf6ediscoverystealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon family

      raccoon

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks