General

  • Target

    JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9

  • Size

    2.5MB

  • Sample

    241224-vm3gtasqam

  • MD5

    868b8d102e5b76df02a76a6063fc963e

  • SHA1

    02902b2b1be8065c8b1361f8b1f7e3795470b634

  • SHA256

    202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9

  • SHA512

    9c86df899500dc8bfcc606d40e57017c8e987ed597a1a8286a59c1044027a8030a88b8734fe0383d55d310b7d2983343998f00bcd46501641186f1b7ffe4ed9c

  • SSDEEP

    24576:I09J5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEoKCDh/fj6LuYp2Fl3RuQ5531q:IeojWYKspaCDh/fj6Ql3Q

Malware Config

Extracted

Family

raccoon

Botnet

ce21570f8b07f4e68bfb7f44917635b1

C2

http://77.73.133.7/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Targets

    • Target

      JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
