General

  • Target

    JaffaCakes118_ed17563a8301541dbde0819366190ff7c6566a417f0d5b348fc03771b8c86420

  • Size

    726.4MB

  • Sample

    241224-wq4pqatjhv

  • MD5

    b0f343f04f6eb8ce65a4a79b38cd11a5

  • SHA1

    98b00d5cffdbda7ad6886c5b6b309457fefd2cdb

  • SHA256

    ed17563a8301541dbde0819366190ff7c6566a417f0d5b348fc03771b8c86420

  • SHA512

    15d308792e323410fda01785dbb66ac3fa5d938d9a4ad47d8b1ad45fdfb65f7c227b34d6f7fc0f508d78c8060d528dc37b5cca74a54314bff09ddfae1a6592c5

  • SSDEEP

    98304:6T5dSWpRcLuAp2k19qNs8aTSFbB4NEF47bKt1RHlNq7Sw1IfR0uWCY2Ao:6T5MWULuAH1X8aGBB4GKKt1RFNgApYK

Malware Config

Extracted

Family

raccoon

Botnet

b3e62a345d90ee80b30dcc988ddc399f

C2

http://51.255.211.208/

http://5.252.118.129/

Attributes

  • user_agent

    TakeMyPainBack

  • xor.plain
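The extracted config above gives two network indicators a defender can act on immediately: the C2 hosts and the distinctive `TakeMyPainBack` User-Agent. The following is an added example (not part of the sandbox report and not Raccoon's own code) that turns those indicators into detection logic and runs it over a constructed, squid-style proxy log; the log lines, the `Hit` type, the regex and the `scan_log`/`classify` function names are all assumptions made here for illustration.

```python
"""Match proxy log lines against the Raccoon C2 hosts and User-Agent
extracted in the report above. Added example; sample log is constructed."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators copied from the extracted config on this page.
RACCOON_C2_URLS = ["http://51.255.211.208/", "http://5.252.118.129/"]
RACCOON_USER_AGENT = "TakeMyPainBack"

# Compare on hostname so the match is independent of path or scheme.
C2_HOSTS = {urlparse(u).hostname for u in RACCOON_C2_URLS}

# Constructed sample log (hypothetical squid-style access.log with a quoted
# User-Agent appended); these lines are not from the analysed sample.
SAMPLE_LOG = """\
1735040000.123 45 10.0.0.12 TCP_MISS/200 512 POST http://51.255.211.208/ - HIER_DIRECT/51.255.211.208 text/plain "TakeMyPainBack"
1735040001.456 30 10.0.0.15 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html "Mozilla/5.0"
1735040002.789 20 10.0.0.12 TCP_MISS/200 128 POST http://5.252.118.129/ - HIER_DIRECT/5.252.118.129 text/plain "Mozilla/5.0"
1735040003.000 15 10.0.0.20 TCP_MISS/200 64 GET http://example.org/ - HIER_DIRECT/93.184.216.34 text/html "TakeMyPainBack"
this line is deliberately malformed and must be skipped, not crash the scan
"""

# Fields: ts, elapsed, client, status, bytes, method, url, ident, hierarchy,
# mime type, then the quoted User-Agent.
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+'
    r'(?P<url>\S+)\s+\S+\s+\S+\s+\S+\s+"(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Hit:
    client: str
    url: str
    reasons: tuple  # which indicators fired, in a fixed order


def classify(client, url, ua):
    """Return the list of indicator names that match one request."""
    reasons = []
    host = urlparse(url).hostname
    if host in C2_HOSTS:
        reasons.append(f"c2_host:{host}")
    # Substring match: the config string is unlike any legitimate UA, so a
    # partial match is still high confidence and survives minor variants.
    if RACCOON_USER_AGENT in ua:
        reasons.append(f"user_agent:{RACCOON_USER_AGENT}")
    return reasons


def scan_log(text):
    """Scan a whole log; malformed lines are skipped rather than fatal."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["client"], m["url"], m["ua"])
        if reasons:
            hits.append(Hit(m["client"], m["url"], tuple(reasons)))
    return hits


def clients_by_severity(hits):
    """Map each client to its distinct reasons; a client that both contacted
    a C2 host and sent the UA is the strongest signal of an infected host."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h.client, set()).update(h.reasons)
    return {c: sorted(r) for c, r in by_client.items()}


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h.client, h.url, ", ".join(h.reasons))
    print(clients_by_severity(scan_log(SAMPLE_LOG)))
```

The User-Agent match on its own (the last sample line) is worth triaging even when the destination is not a known C2, since the hosts in the config rotate while the hard-coded UA string tends to persist across builds of the same family.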

Targets

    • Target

      JaffaCakes118_ed17563a8301541dbde0819366190ff7c6566a417f0d5b348fc03771b8c86420

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks