General

  • Target

    JaffaCakes118_1299c1ba2aae7a7b384ddd1253faadc4ca0511f090310319e5af908d821ec237

  • Size

    726.8MB

  • Sample

    241223-y3qpqsznhk

  • MD5

    aaa21f68e182873dfa6ef15afae9fcf5

  • SHA1

    00a63fa40078aa87494fcd221833d23fddfedd77

  • SHA256

    1299c1ba2aae7a7b384ddd1253faadc4ca0511f090310319e5af908d821ec237

  • SHA512

    a0f531f821ef96007a93c489302b1cc90270f6896f8214cc1c251907477a98658b3cb6a8cd1b42a678fee55279f70fb384d7f49c0441738512a8868ba7e6b289

  • SSDEEP

    98304:8tUF1TU0GOWTMYXeeoTiReaJaVynrr7DSZkVdADtMpCoJYNlRY9cAyuePdJyuI:8SFC0GjTMde/xoarr7+ZkVCgjY6fR

Malware Config

Extracted

Family

raccoon

Botnet

055897d0963acbbc3c7d28d055fa1542

C2

http://45.144.29.243/

Attributes

  • user_agent

    mozzzzzzzzzzz

  • rc4.plain

Targets

    • Target

      JaffaCakes118_1299c1ba2aae7a7b384ddd1253faadc4ca0511f090310319e5af908d821ec237

    • Size

      726.8MB

    • MD5

      aaa21f68e182873dfa6ef15afae9fcf5

    • SHA1

      00a63fa40078aa87494fcd221833d23fddfedd77

    • SHA256

      1299c1ba2aae7a7b384ddd1253faadc4ca0511f090310319e5af908d821ec237

    • SHA512

      a0f531f821ef96007a93c489302b1cc90270f6896f8214cc1c251907477a98658b3cb6a8cd1b42a678fee55279f70fb384d7f49c0441738512a8868ba7e6b289

    • SSDEEP

      98304:8tUF1TU0GOWTMYXeeoTiReaJaVynrr7DSZkVdADtMpCoJYNlRY9cAyuePdJyuI:8SFC0GjTMde/xoarr7+ZkVCgjY6fR

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks