General

  • Target

    JaffaCakes118_64f9fe0eeaf1e21c27879c85f0b2fbb5cba9d760fc3a73ae58a490ebe4dced42

  • Size

    726.3MB

  • Sample

    241224-a9zdfsxlaj

  • MD5

    347ba6013752fbe969bc3026639b0104

  • SHA1

    d9e476cb7b09efdc98aedeb3baf5e8d1bbfec6fb

  • SHA256

    64f9fe0eeaf1e21c27879c85f0b2fbb5cba9d760fc3a73ae58a490ebe4dced42

  • SHA512

    60edc7ee42912f988d3df461f79d2c1059f01180514a994e6980258136c8a7937cb5d97b599d127a5caaf564c4891e18b9577b7eb14a57e34613b40bd16d3a88

  • SSDEEP

    98304:lCPkOmG+sbBOcINYWcrdY6N+Q/tvW0qXNa6ntZQoTlNKD6RGb2Uv1P7mgjqwGaxj:lCP1xbZdY6gQ1uv9a+vNKDfJ1jmzwzj

Malware Config

Extracted

Family

raccoon

Botnet

985151cfbc2662a774d6e7f7d992c04d

C2

http://89.185.85.53/

Attributes
  • user_agent

    mozzzzzzzzzzz

  • xor.plain
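To make the extracted indicators usable offline, here is an added example that is not part of the Tria.ge report or of any Raccoon configuration extractor: it digests a file in chunks against the listed hashes and scans proxy log lines for the C2 host and the configured user agent. The digests, C2 URL, botnet id and user-agent string are the values from this page; the log lines, timestamps and client addresses in them are constructed.

```python
"""Added IOC checks for the Raccoon configuration extracted above.

Not part of the Tria.ge report: the digests, C2 URL, botnet id and user agent
are copied from the page, while the proxy log lines below are constructed.
"""
import hashlib
import io
import re
from urllib.parse import urlparse

# Indicators from the report.
IOC_HASHES = {
    "md5": "347ba6013752fbe969bc3026639b0104",
    "sha1": "d9e476cb7b09efdc98aedeb3baf5e8d1bbfec6fb",
    "sha256": "64f9fe0eeaf1e21c27879c85f0b2fbb5cba9d760fc3a73ae58a490ebe4dced42",
}
RACCOON_C2 = "http://89.185.85.53/"
RACCOON_USER_AGENT = "mozzzzzzzzzzz"
RACCOON_BOTNET_ID = "985151cfbc2662a774d6e7f7d992c04d"

# Constructed proxy log lines in NCSA combined format; the 10.0.0.0/8 and
# 203.0.113.0/24 addresses are placeholders, not values from the report.
SAMPLE_PROXY_LOG = [
    '10.0.0.15 - - [24/Dec/2024:00:05:13 +0000] "POST http://89.185.85.53/ HTTP/1.1" 200 512 "-" "mozzzzzzzzzzz"',
    '10.0.0.15 - - [24/Dec/2024:00:05:20 +0000] "GET http://89.185.85.53/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '10.0.0.22 - - [24/Dec/2024:00:06:02 +0000] "GET http://example.com/ HTTP/1.1" 200 3072 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '10.0.0.31 - - [24/Dec/2024:00:07:45 +0000] "POST http://203.0.113.7/ HTTP/1.1" 200 512 "-" "mozzzzzzzzzzz"',
]

COMBINED_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def hash_stream(stream, chunk_size: int = 1 << 20) -> dict:
    """Digest a stream in one pass so a 726 MB sample is never held in memory."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (tests, small files)."""
    return hash_stream(io.BytesIO(data))


def matching_hashes(digests: dict) -> set:
    """Names of the report digests that the computed digests match."""
    return {name for name, value in IOC_HASHES.items() if digests.get(name) == value}


def scan_proxy_log(lines) -> list:
    """Flag requests to the C2 host or carrying the Raccoon user agent."""
    c2_host = urlparse(RACCOON_C2).hostname
    findings = []
    for line in lines:
        m = COMBINED_LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the sweep
        reasons = []
        if urlparse(m["url"]).hostname == c2_host:
            reasons.append("c2_host")
        if m["ua"] == RACCOON_USER_AGENT:
            reasons.append("user_agent")
        if reasons:
            findings.append({"client": m["client"], "url": m["url"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(finding)
    # For a suspect file on disk: matching_hashes(hash_stream(open(path, "rb")))
```

The exact user-agent match still fires after the operator moves to a new C2 address (the fourth constructed line), whereas the host match is the brittle one; treat either hit as a lead to confirm against the hashes above, not as a complete Raccoon detection.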

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class tells the kernel to stop delivering that thread's debug events to an attached debugger, so breakpoints and single-steps on it go unreported and usually crash the process. It is a generic anti-analysis check, not evidence of any particular capability.
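Added example, not from the Tria.ge report or its signature engine: a detector for the call behind the signature above, run over an API trace. The trace format (JSON lines with pid, tid, api and args) is a constructed stand-in for a sandbox's own log, and every trace line is made up; the class value 17 and the current-thread pseudo-handle are Windows facts, not values from this page.

```python
"""Added detector for NtSetInformationThread(ThreadHideFromDebugger) in an API trace.

Not part of the Tria.ge report. The JSON-lines trace format and all lines in
SAMPLE_API_TRACE are constructed for this example.
"""
import json

# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 17
# NtCurrentThread() is the pseudo-handle (HANDLE)-2, in 32- and 64-bit form.
CURRENT_THREAD_PSEUDO_HANDLES = {0xFFFFFFFE, 0xFFFFFFFFFFFFFFFE}

# Constructed trace: an unrelated call, a priority change (class 2), a
# well-formed hide-from-debugger call on the calling thread, and a malformed
# attempt on another thread with a non-zero length.
SAMPLE_API_TRACE = [
    r'{"pid": 4120, "tid": 4124, "api": "NtOpenKey", "args": {"KeyName": "\\Registry\\Machine\\Software"}}',
    r'{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffffffffffe", "ThreadInformationClass": 2, "ThreadInformationLength": 4}}',
    r'{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffffffffffe", "ThreadInformationClass": 17, "ThreadInformationLength": 0}}',
    r'{"pid": 4120, "tid": 4130, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0x2c8", "ThreadInformationClass": 17, "ThreadInformationLength": 4}}',
]


def parse_trace(lines):
    """Yield one call record per non-empty JSON line."""
    for line in lines:
        line = line.strip()
        if line:
            yield json.loads(line)


def find_hide_from_debugger(lines) -> list:
    """Return every NtSetInformationThread call that uses ThreadHideFromDebugger."""
    findings = []
    for call in parse_trace(lines):
        if call.get("api") != "NtSetInformationThread":
            continue
        args = call.get("args", {})
        if args.get("ThreadInformationClass") != THREAD_HIDE_FROM_DEBUGGER:
            continue
        handle = int(args.get("ThreadHandle", "0"), 16)
        findings.append({
            "pid": call["pid"],
            "tid": call["tid"],
            # Hiding the calling thread itself is the usual anti-debug pattern.
            "self": handle in CURRENT_THREAD_PSEUDO_HANDLES,
            # The kernel requires ThreadInformationLength == 0 for this class and
            # rejects anything else, so a non-zero length means the thread was
            # not actually hidden.
            "effective": args.get("ThreadInformationLength", 0) == 0,
        })
    return findings


if __name__ == "__main__":
    for finding in find_hide_from_debugger(SAMPLE_API_TRACE):
        print(finding)
```

The "effective" flag matters when triaging: a sample that passes a bad length has not hidden anything, while a successful call on the current thread means a debugger attached afterwards will silently miss every exception that thread raises.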

MITRE ATT&CK Enterprise v15

Tasks