General

  • Target

    JaffaCakes118_070e276669c379bc0a2b8cf8bef518cd0a91a2b3dcf0e8ddb62339784581048f

  • Size

    726.6MB

  • Sample

    241222-yweznaxme1

  • MD5

    4a18eca46e5b202e614e5b0d69f6e9b3

  • SHA1

    c8459e1dfa0eaf9bc64500c850ddfa2a1c91fdff

  • SHA256

    070e276669c379bc0a2b8cf8bef518cd0a91a2b3dcf0e8ddb62339784581048f

  • SHA512

    f032a449a0014737901ed74cd25a65eaddbad6c49bb27146790263de8a2987cd26f99b5e2bff0d6994ebe092188d513a9719177ca0debf570eecd9d169ed6a2f

  • SSDEEP

    98304:RjRxgAbYvbDZhuIQRnm9hLeu6Snggd5erLaOB7At9Nd4WqVfqkezdQkjK/PTh:lRnbYvbDZh8RkLeOnGPalbsSAz3Th

Malware Config

Extracted

Family

raccoon

Botnet

4d8caf3df626ca1a812c75113a24e797

C2

http://45.153.243.16/

Attributes

  • user_agent

    TakeMyPainBack

  • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger
