General

  • Target: JaffaCakes118_d5a663ffd4cec14f0b2f3cfa45dab4e556b9788bf6c74a2fbb37a915fd4b0231
  • Size: 726.7MB
  • Sample: 241224-tt9zsssjcm
  • MD5: e00c7511778383c619f6058e39021082
  • SHA1: 9fb3fde1999b7af20660f2f66a559e6409e23800
  • SHA256: d5a663ffd4cec14f0b2f3cfa45dab4e556b9788bf6c74a2fbb37a915fd4b0231
  • SHA512: b094d12a830de5e45426321a0ab8b983b2c95402371b90ebe121398269b31a24bf7128dbc476175e83497b9dd0b21ab1be2a92a747039260a4cb94b5be8a3204
  • SSDEEP: 196608:fLs7SGlfumJcL4H2rAVdQSfJeHlvhAGlpXHrls2p/Z2E5XCe:Ds9mmJO4H2M73xgzvlpXLls2n5Se

Malware Config

Extracted

  • Family: raccoon
  • Botnet: 467a953db8cf896cec6946f6144f8158
  • C2:
    http://80.85.241.20/
    http://79.137.202.30/
  • Attributes:
    user_agent: 901785252112
    xor.plain

Targets

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019.
    • Raccoon Stealer V2 payload
    • Raccoon family
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks