Behavioral task
behavioral1
Sample
JaffaCakes118_4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562.exe
Resource
win10v2004-20241007-en
General
Target
JaffaCakes118_4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562
Size
9.2MB
MD5
4969a3d6e34b191da411701186eba8c1
SHA1
7e74281ab62bcbedfd5936bafc7b58f098536e68
SHA256
4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562
SHA512
2f0ebc1fd3fa96b9629afda8788ddd92c4fa4079b08f69ab286c7859027d635c5a0baad227521f27b4e57fb3618b20b7d9feb25bd395eced8c2ab91005175e04
SSDEEP
196608:E+BFLvuPmhD1/ZJIqPYycaVJoqcYWSRk1c52g:EKLv4GY1x3mkyz
Malware Config
Signatures
Raccoon Stealer V2 payload 1 IoCs
resource sample
yara_rule family_raccoon_v2
Raccoon family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562
Files
JaffaCakes118_4586fd33983c2d18593d6ea7e45f24b21244ea182fa9d67e292f679f18cee562.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.HCR0 Size: - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.HCR1 Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.HCR2 Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 474B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ