General

  • Target

    JaffaCakes118_af78cde1475ceda5da42d092ac16fa48e257faa744ad95dcce485910f1247fe6

  • Size

    6.9MB

  • Sample

    241224-mx52pawjhl

  • MD5

    6668a04f43e39736a3c2fbbb61954d9c

  • SHA1

    e9a26d2e9786241f2c875e143e824d76dd57d095

  • SHA256

    af78cde1475ceda5da42d092ac16fa48e257faa744ad95dcce485910f1247fe6

  • SHA512

    ad4cab953203b7f73955b8d4a50f98e6150db253e9930d25541324856eac26fe9689ef631aae5a9d2de51beccd014c83d3199462d0045f393ccb3159fbbbfa35

  • SSDEEP

    196608:DrDcItGxUYC99/5D/s8iytG1EgpQ64p/J:DtGnC3/l/sDytSu64/J

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    0dcbeb99ec1adc5c2b2b94dc1e3fd2c4

  • C2

    http://94.131.106.116/

  • Attributes

    • user_agent

      mozzzzzzzzzzz

    • xor.plain

Targets

    • Target

      Setup1.exe

    • Size

      726.3MB

    • MD5

      74654e9c6ea89db90f9d74beb322ff45

    • SHA1

      5f6db93ee8552e21569635612dff751452b54907

    • SHA256

      a7ce282430cf0ed454c40b18892b2e05bc6ad16decf01876cef6ecee5d97324a

    • SHA512

      80d7ea6dd8ccdc762a2e6d362aa259971fd41a268dee78c340b75da74a6f4d0dbf9bdfb2f11beaff7149e08f6ab2b5499d622de28e4abe5e9b241a350396d0dd

    • SSDEEP

      196608:/dKGqRXeGlMhocWPP3J5PMIVoI8GY7laYKloNX:xulM/WX3HPMn1laYNX

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks