General

  • Target

    JaffaCakes118_322053a6278cb5887cd959f1a94d0a83965f846b7b8006108795ee3355267827

  • Size

    219KB

  • Sample

    241224-rcl6asypgs

  • MD5

    a128003fffffa8614cac141c60de0872

  • SHA1

    5da18e56e4dab5982b43ba67b2562f076837eb8a

  • SHA256

    322053a6278cb5887cd959f1a94d0a83965f846b7b8006108795ee3355267827

  • SHA512

    971287e6da28f4fe69d86978ff4f3b0f7ae08be2c4b63fc131119621468fb778882e138ef05d65f74f1b2ddd972d450b93513c6e448ca9ac3bada8b4e7883d5f

  • SSDEEP

    3072:LXpRRH8YLY4QogBQ5GSFXFL98O8IsZkmCkkOAAQS0KzwmS1Gr1of:jRH8YLiBwFVLWNZ/CNODQS0UwTX

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    63267bc2317b9849c2d512a4e16b0f3b

  • C2

    http://shettester1000.com/

  • Attributes

    • user_agent

      TakeMyPainBack

  • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15