General
-
Target
JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
Size
2.5MB
-
Sample
241224-vm3gtasqam
-
MD5
868b8d102e5b76df02a76a6063fc963e
-
SHA1
02902b2b1be8065c8b1361f8b1f7e3795470b634
-
SHA256
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
SHA512
9c86df899500dc8bfcc606d40e57017c8e987ed597a1a8286a59c1044027a8030a88b8734fe0383d55d310b7d2983343998f00bcd46501641186f1b7ffe4ed9c
-
SSDEEP
24576:I09J5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEoKCDh/fj6LuYp2Fl3RuQ5531q:IeojWYKspaCDh/fj6Ql3Q
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
raccoon
ce21570f8b07f4e68bfb7f44917635b1
http://77.73.133.7/
-
user_agent
TakeMyPainBack
Targets
-
-
Target
JaffaCakes118_202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
Size
2.5MB
-
MD5
868b8d102e5b76df02a76a6063fc963e
-
SHA1
02902b2b1be8065c8b1361f8b1f7e3795470b634
-
SHA256
202a5631c6e19954c3d85a1bdb9dc14f8d6906e1bc640ee0f940adb7446e04b9
-
SHA512
9c86df899500dc8bfcc606d40e57017c8e987ed597a1a8286a59c1044027a8030a88b8734fe0383d55d310b7d2983343998f00bcd46501641186f1b7ffe4ed9c
-
SSDEEP
24576:I09J5wsOjflMYKY0YSY0YuCfZMDYJYLdtZ8tZvEoKCDh/fj6LuYp2Fl3RuQ5531q:IeojWYKspaCDh/fj6Ql3Q
-
Raccoon family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-