General

  • Target

    JaffaCakes118_29c4b60a24c0eef090b656c1a33b0284a778232f422a4fb400ce1975bf21d45a

  • Size

    721.0MB

  • Sample

    241225-a9dfzssmfz

  • MD5

    ee565419e54ff8de8d71828451689736

  • SHA1

    96efd5bdd34d6d1718559af2402e171b346f4c77

  • SHA256

    29c4b60a24c0eef090b656c1a33b0284a778232f422a4fb400ce1975bf21d45a

  • SHA512

    69273467477303dfddc05a663f540968356e08d4aea7a4bd11510a5729dcd8ff80386754e3c7efadea532c7fe359fa6436782c350323bbf60c2efe1b005565f4

  • SSDEEP

    98304:y9EALOORkif751Ic2+a8fsf7xrkKDCIwl7llkCwpqfRzWOmCuOONWiR:ydi4XrXa8f0533wlDlUepXi

Malware Config

Extracted

Family

raccoon

Botnet

cf2a14f386eb5250ef280df942436e77

C2

http://88.119.171.209/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15