General

  • Target

    JaffaCakes118_16b4acb99f7db76d5d75b9e960df5e2c13f23c2dad48d81d3e6093a0b4726d4d

  • Size

    726.3MB

  • Sample

    241225-cwyacavkev

  • MD5

    1cacf33ff276840ce542d327ae03fe90

  • SHA1

    84b445d37ef3eb9b0d3f2785680cdafe0eb46124

  • SHA256

    16b4acb99f7db76d5d75b9e960df5e2c13f23c2dad48d81d3e6093a0b4726d4d

  • SHA512

    8c1aafc973fef11ecf934440c71324d7bd03b2f6db4830d0d646ea2f85ada280c3bde9469bdfa82ad74e891705c21149862ce1518f04bb0edd656e0182322aa0

  • SSDEEP

    98304:SIDaz0xN5QUbTNXlQGZhJEDPsIepyA1Io7C7n1Ncf16hriIQNocO43yCrftOCe4:SIjQUJoPsIep6o7cyWOthdNe4

Malware Config

Extracted

Family

raccoon

Botnet

b3e62a345d90ee80b30dcc988ddc399f

C2

http://170.75.168.118/

http://85.192.63.125/

http://51.195.166.172/

Attributes
  • user_agent

    mozzzzzzzzzzz

xor.plain

Targets

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks