General

  • Target

    JaffaCakes118_8413e18f4f81fedd8ff3507d1d5c98124a2ecce21a743e0e5f0ee810bcb88a04

  • Size

    726.8MB

  • Sample

    241225-ba8nhsspcp

  • MD5

    c26f79088276bb0d3d8331bf2a1aa254

  • SHA1

    da5820a87543571ca684d1d0a7271143972ae77e

  • SHA256

    8413e18f4f81fedd8ff3507d1d5c98124a2ecce21a743e0e5f0ee810bcb88a04

  • SHA512

    7c3484e0f43a7ecf6141021fdafaa8aa18a10ce7838da86a1931ee5e8f87227addf8b12a8e3cfb5980358942b7fd6c44d44198471212fc9cd8d5ce62b9b1cda4

  • SSDEEP

    196608:GGwDS7B4Xg1IJkXPMo4fZSM+kvV32DpW/b/Cs:GGBV4Xg1IJkf8wkvOsL

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    8c3e4aa007fb2f2defacc1f952806f72

  • C2

    http://85.192.40.253/

    http://170.75.160.9/

    http://79.137.195.240/

  • Attributes

      • user_agent

        23591

      • xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks