General

  • Target

    JaffaCakes118_a65f971c0379a241367ececfcc7c393f9a5353b74b5b7bbf43b308c7597ac934

  • Size

    9.9MB

  • Sample

    241223-xnh6nsxqgr

  • MD5

    e451bd98fc9da1405990f250a74416e0

  • SHA1

    3a1ecf87ed6a363fa945cf8398bd6a15fa5e09ba

  • SHA256

    a65f971c0379a241367ececfcc7c393f9a5353b74b5b7bbf43b308c7597ac934

  • SHA512

    d0872bdbff2c9bbfaecfa3de1e127d5d3a98e1287616d153d8ac6c2c0243f4ed2a7de71ac6ae5bfcd525bda772fbc2f37a072e19ca88239a4d03e96cc51f4311

  • SSDEEP

    196608:CSzYMNbwUQo4iANbIxmm3iSw75DZWaF7ZaT9TPW9N6U:0fUf45bNgI9k8aT9jW9L

Malware Config

Extracted

Family

raccoon

Botnet

ee7547b54385ca0437fddefa2f747d6f

C2

http://95.217.124.179/

Attributes
  • user_agent

    mozzzzzzzzzzz

xor.plain
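The extracted configuration above gives two network indicators (the C2 URL and the hard-coded user agent) and the General section gives file hashes. The following is an added example, not part of the sandbox report, showing how a practitioner would turn them into a small IOC matcher: C2 URLs are reduced to hosts so a changed path or port still matches, the user agent is matched on its own as a lower-confidence signal, and listed SHA256 values are looked up after normalising case and whitespace. The proxy log format and the log lines themselves are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Network IOCs copied from the extracted Raccoon config on this page.
C2_URLS = ["http://95.217.124.179/"]
RACCOON_USER_AGENTS = ["mozzzzzzzzzzz"]

# SHA256 values listed on this page (submitted sample plus files it carries).
KNOWN_SHA256 = {
    "a65f971c0379a241367ececfcc7c393f9a5353b74b5b7bbf43b308c7597ac934": "submitted sample",
    "780f7c19cff595e9ab83f0fb6ffe6ddcaa74497926960138c3512c02bc1858f0": "Adobe Premiere Pro 2022 22.0.0.169 RePack by KpoJIuK.exe",
    "9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78": "dllhelper.dll",
    "f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6": "dllhelper64.dll",
    "e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf": "AdobePIM.dll",
}

# Constructed proxy log in an assumed format:
# "<epoch> <client> <method> <url> <status> \"<user-agent>\"".
PROXY_LOG = """\
1734970001 10.0.0.23 GET http://95.217.124.179/ 200 "mozzzzzzzzzzz"
1734970002 10.0.0.23 POST http://95.217.124.179/ 200 "mozzzzzzzzzzz"
1734970003 10.0.0.42 GET http://example.com/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
1734970004 10.0.0.57 GET http://example.org/ 200 "mozzzzzzzzzzz"
"""

LOG_RE = re.compile(
    r'^(?P<ts>\d+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+'
    r'(?P<status>\d{3})\s+"(?P<ua>[^"]*)"$'
)


def c2_hosts(urls=C2_URLS):
    """Reduce the configured C2 URLs to bare hosts so path/port changes still match."""
    return {urlparse(u).hostname for u in urls}


def scan_proxy_log(text, urls=C2_URLS, user_agents=RACCOON_USER_AGENTS):
    """Return one hit per log line that touches a C2 host or carries the Raccoon user agent.

    A line matching on both is the beacon itself; a user-agent-only hit is still
    worth a look because the string is hard-coded in the config and is not
    something a browser sends.
    """
    hosts = c2_hosts(urls)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than silently match
        reasons = []
        if urlparse(m["url"]).hostname in hosts:
            reasons.append("c2-host")
        if m["ua"] in user_agents:
            reasons.append("user-agent")
        if reasons:
            hits.append({"ts": int(m["ts"]), "src": m["src"], "url": m["url"], "reasons": reasons})
    return hits


def sha256_hex(data):
    """SHA256 of a byte string, lower-case hex, as the listed hashes are written."""
    return hashlib.sha256(data).hexdigest()


def classify_hash(sha256_hexdigest, known=KNOWN_SHA256):
    """Normalise a pasted digest (case, surrounding whitespace) and look it up."""
    return known.get(sha256_hexdigest.strip().lower())


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
    print(classify_hash("A65F971C0379A241367ECECFCC7C393F9A5353B74B5B7BBF43B308C7597AC934"))
    print(classify_hash(sha256_hex(b"constructed bytes, not the sample")))
```

Matching on the host rather than the full URL is deliberate: the C2 path is the part of a stealer's beacon most likely to vary between builds, while the user agent "mozzzzzzzzzzz" is fixed in the config and has no business appearing in a proxy log at all.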

Targets

    • Target

      Adobe Premiere Pro 2022 22.0.0.169 RePack by KpoJIuK.exe

    • Size

      726.2MB

    • MD5

      c944260b92040f232ab713cd88b13958

    • SHA1

      6c7afd9c0375d66cfa54d9af15645a2c210a06bd

    • SHA256

      780f7c19cff595e9ab83f0fb6ffe6ddcaa74497926960138c3512c02bc1858f0

    • SHA512

      4dec6184adc9ff717da1ff99808e56939502375af8aab69202f06222e11ba25c09721e4e231ad64b8af3b09f9be4eb1cc82e7b8bdca7f3199e44cd258823f961

    • SSDEEP

      98304:SjJ5dNgv+ZtsQVr6DEbrVUs0MWfehnw1oyiAJRrua5r2vJrGsL6B1yD2a1:gdnyDOrVUwaoyiMN7IEsL6rxa1

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      dllhelper.dll

    • Size

      153KB

    • MD5

      1b13ac6572d32448c0e15bf00a04fb98

    • SHA1

      b145d3e5b2649af1e6c680e8a7f0d5b6f7c962e4

    • SHA256

      9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78

    • SHA512

      b754b8607d04fbd6165023b5ef1bf01f2af60ce9595ea3a2f7cf03b28355a92310f6d5cbb27247d9270debe62d9eb688778a065cb75ff0d4411d97db283c173b

    • SSDEEP

      1536:B2ozr2yXFR9TEJYSCUWB1VBbM4mndJsBjUO6sZ9ynxj/6gfyU78uXBaiurkjPZjb:0ozrhjDSCJmuliYuRVokjBjEw

    Score
    3/10
    • Target

      dllhelper64.dll

    • Size

      228KB

    • MD5

      e4c67cc149ca5fa61382f8654409feee

    • SHA1

      408931b18d31562fe9f3419d7663a1cafcc7f65f

    • SHA256

      f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6

    • SHA512

      49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b

    • SSDEEP

      1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy

    Score
    1/10
    • Target

      AdobeIPCBroker.exe

    • Size

      1.0MB

    • MD5

      2281dffdb1988937b6c9d30128e64b42

    • SHA1

      549c86e215b80f67a036fa93304fcb367e0f346d

    • SHA256

      99557b43cd337e46afab2d277fc0e8cfe668241780e68dd4c88c9099f65c809b

    • SHA512

      8bbc920054c842d6bb8ba5e3e5896dff6c56a6662a35dcde952a4a4b68d726352d9ffbee8734590214e6c640332d913a63802a2aed666794d4554c03f592be31

    • SSDEEP

      24576:9PHeMy8QQGeQrRUm7KAd6JtFMGFWwa5iksXSGBwKMDHreO9w7chAd:ZbhSnKAwCWjMmXtgBwp

    Score
    3/10
    • Target

      customhook/AdobeIPCBrokerCustomHook.exe

    • Size

      197KB

    • MD5

      64100ce9dd9e670e28a487aabe7c1241

    • SHA1

      4ac3eeb414d7d8d1c80b8644e445d2684991150f

    • SHA256

      e97c8ed6d6c95556c11f73149a54b759548fd144e23f320ffa573709db9ccba7

    • SHA512

      8527b9df907e98f0e810583cb1e64b7f8486e540daea5a7c0052e96d94516290eeb4f22163ed16b17006974d407132565e2c48d653ba385ab86857c0290d7cef

    • SSDEEP

      3072:cjetgAXQLGOyYJI++TNHWtGm7B8xOVafniAg0Fujo+LXV5trbcCy:cjeAy+UN2t3AOb35bcCy

    Score
    3/10
    • Target

      AdobePIM.dll

    • Size

      2.1MB

    • MD5

      beb8e03bb664c6715efb2523d48a10a8

    • SHA1

      a366eef76eb31fca69c0e4ad9f4ca1c8747dbf87

    • SHA256

      e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf

    • SHA512

      36b291fc2b808cec4668fb091f80afcdcadc7dec464b3da4364ac6213657378626fd12cd9e578206c9d3293aeb07e9b9807c9ef5576da1f1a1b2dfb4990b695d

    • SSDEEP

      49152:g15hDTdnSb8oibZAPxoVxBFxo8GMcsNWsniXNTOfZ1D8LnU24M:g15hndnSOOyxBjo8GMcsNWtS1inUK

    Score
    4/10
    • Target

      Core.dll

    • Size

      816KB

    • MD5

      58bf45a10e81ccda54eb44c76a5d039b

    • SHA1

      7061b02c29f3ebe6787979ac29614b60557a4257

    • SHA256

      69493994c50dac680be2be6f49642670bb0a6576303a83b70b63ec534590496b

    • SHA512

      a3c1d88b2f567e06083e406213b42a1f5c78bf6c511edf5aeb48f720cdd8e633201a157375a1d6ecf6990dec0263197a611fdb7e03d2abc0b82beb33779ede74

    • SSDEEP

      24576:JLdzOfymt+B/LIPD10RwFV7aE3ILlcrT7fYXL4Rz:RdqhsUPORg7XILlsT7fYXL4Rz

    Score
    3/10
    • Target

      resources/AdobePIM.dll

    • Size

      2.1MB

    • MD5

      beb8e03bb664c6715efb2523d48a10a8

    • SHA1

      a366eef76eb31fca69c0e4ad9f4ca1c8747dbf87

    • SHA256

      e9df32510cecde28b237510f8e04c6861b2b27bc38886450e26e9f57044ccacf

    • SHA512

      36b291fc2b808cec4668fb091f80afcdcadc7dec464b3da4364ac6213657378626fd12cd9e578206c9d3293aeb07e9b9807c9ef5576da1f1a1b2dfb4990b695d

    • SSDEEP

      49152:g15hDTdnSb8oibZAPxoVxBFxo8GMcsNWsniXNTOfZ1D8LnU24M:g15hndnSOOyxBjo8GMcsNWtS1inUK

    Score
    4/10
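The signature "Suspicious use of NtSetInformationThreadHideFromDebugger" on the first target refers to a call to NtSetInformationThread with ThreadInformationClass set to ThreadHideFromDebugger (THREADINFOCLASS value 0x11, decimal 17), after which a debugger attached to the process stops receiving events for that thread. The following is an added example, not the sandbox's own signature logic, showing how such a call is picked out of an API trace: it accepts the class in hex or decimal and records whether the thread being hidden is the caller's own (the GetCurrentThread pseudo-handle, -2) or some other thread. The trace format and trace lines are constructed for the example.

```python
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (decimal 17).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Pseudo-handle returned by GetCurrentThread(): -2 as a 32-bit or 64-bit HANDLE.
CURRENT_THREAD_PSEUDO_HANDLES = {0xFFFFFFFE, 0xFFFFFFFFFFFFFFFE}

# Constructed API trace in an assumed "<pid> <tid> <api>(<k>=<v>, ...) -> <status>" format;
# the first line is the call the sandbox signature refers to, the rest are controls.
API_TRACE = """\
2100 2104 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0) -> 0x0
2100 2104 NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x2, ThreadInformation=0x19f8c0, ThreadInformationLength=4) -> 0x0
2100 2108 NtCreateFile(FileHandle=0x19f9a0, DesiredAccess=0x80100080, ObjectAttributes=0x19f960) -> 0x0
2100 2108 NtSetInformationThread(ThreadHandle=0x2b0, ThreadInformationClass=17, ThreadInformation=0x0, ThreadInformationLength=0) -> 0xc0000008
"""

TRACE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>\S+)$"
)


def parse_args(arg_text):
    """Turn 'k=v, k=v' into a dict; values stay as strings."""
    out = {}
    for part in arg_text.split(","):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip()] = v.strip()
    return out


def as_int(value):
    """Accept hex (0x11) or decimal (17); None when the field is missing or malformed."""
    try:
        return int(value, 0)
    except (TypeError, ValueError):
        return None


def find_hide_from_debugger(trace):
    """Flag every NtSetInformationThread call whose class is ThreadHideFromDebugger.

    Failed calls (non-zero NTSTATUS) are kept: the attempt is the signal, not
    whether it succeeded.
    """
    hits = []
    for line in trace.splitlines():
        m = TRACE_RE.match(line)
        if not m or m["api"] != "NtSetInformationThread":
            continue
        args = parse_args(m["args"])
        if as_int(args.get("ThreadInformationClass")) != THREAD_HIDE_FROM_DEBUGGER:
            continue
        handle = as_int(args.get("ThreadHandle"))
        hits.append({
            "pid": int(m["pid"]),
            "tid": int(m["tid"]),
            "handle": args.get("ThreadHandle"),
            # Hiding its own thread is the usual anti-debug pattern.
            "self": handle in CURRENT_THREAD_PSEUDO_HANDLES,
            "status": m["ret"],
        })
    return hits


if __name__ == "__main__":
    for hit in find_hide_from_debugger(API_TRACE):
        print(hit)
```

The check is on the information class, not on a wrapper name: the same call reaches ntdll whether the sample imports NtSetInformationThread directly, resolves it at runtime, or goes through a syscall stub, so a trace taken at the native API boundary is the right place to look.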

MITRE ATT&CK Enterprise v15

Tasks