General

  • Target

    JaffaCakes118_f4430682aed3f001e33c4f863d244c997e6ab6578140d8919f6dde5bc146ff3a

  • Size

    149KB

  • Sample

    241224-dq98dszraz

  • MD5

    81c063b34f612418fb3fdeb69b78248c

  • SHA1

    cf3c7638a10871d12696247d49734f2d9e7ee30a

  • SHA256

    f4430682aed3f001e33c4f863d244c997e6ab6578140d8919f6dde5bc146ff3a

  • SHA512

    9d348cff12778212d0ec78df944331470378d10b5c2ebc1f1d06ed64e398eebb0acfec2a0a2bb4a8ce6963694dee95daa2780c720bd915f18355682941c42ecb

  • SSDEEP

    3072:AU7cTws4oRYyxVgYLBkXjg5tQP07aC/A6miRLi4eerQDbb1sWy5B1/L8w:Z4TwJWOYacQPzC/AiGherAbbc3

Malware Config

Extracted

Family

raccoon

Botnet

63267bc2317b9849c2d512a4e16b0f3b

C2

http://shettester1000.com/

Attributes

  • user_agent

    TakeMyPainBack

  • xor.plain

Targets

    • Target

      90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312

    • Size

      226KB

    • MD5

      4382f175e013a9467bbc82148770a623

    • SHA1

      e2aa29c9dd92e67211bb1df92bfe27d16c428074

    • SHA256

      90dda549593a7eaee8ce4c868ee1fbbfa7814ef660af560d2cb44650d26ce312

    • SHA512

      2f3eb4c4c6f0075935f4afc1ae2feb1858d6e0035993071083e6b12b93a4d807cd2b10f7798a948939dec021043ff17c1ea6360015d3fdc375389c370ddfda90

    • SSDEEP

      6144:nXC/Er0LxFr05caPlAiGVAs0NbpzHuSs:nXpr0NFY5dNAiGVSN9zH

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks