General

  • Target

    JaffaCakes118_4b9dbcd9bebacee97e2d97d4d3b648bdada5ffd391ae1c31b36bff5066884e45

  • Size

    728.2MB

  • Sample

    241225-ff4c7symep

  • MD5

    638f6d4d8de4a680a2f3e1c7c760d7e2

  • SHA1

    926091f5e95263b9eed4c059fc2841e22339bb53

  • SHA256

    4b9dbcd9bebacee97e2d97d4d3b648bdada5ffd391ae1c31b36bff5066884e45

  • SHA512

    f83045c22af503eb23ef66208ad6474ec41293bf1c3764d66f9ff039579f02a46d5887a21f3751a31df65d13d6c730cea69f3ddccf0f4cef03495605e7c6084f

  • SSDEEP

    196608:xW4Es4CSLvvC/KHJ3tffLVAnz6hMDLT6KWNiUEq:zJSLvvW4BhjSnei1AiUT

Malware Config

Extracted

Family

raccoon

Botnet

f26f614d4c0bc2bcd6601785661fb5cf

C2

http://77.73.134.82

http://83.217.11.23

Attributes

  • user_agent

    23591

  • xor.plain
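The extracted config above is only useful once it is turned into something that can be checked against telemetry. The following is an added example, not code from the sandbox report or from the Raccoon sample: it takes the two C2 URLs and the user_agent attribute exactly as listed above, reduces the URLs to hosts, and scans proxy log lines for contacts with those hosts. The log lines and their one-line format (timestamp, client IP, method, URL, status, quoted User-Agent) are constructed for the example, and it is an assumption that the user_agent attribute shows up verbatim as the HTTP User-Agent header; the host match alone is the reliable part.

```python
"""Turn the extracted Raccoon config into network indicators and scan
proxy log lines for contacts with the C2 hosts.

Added example, not part of the original sandbox report.  The C2 URLs and
the user_agent value are copied from the extracted config; the log lines
and their format are constructed for this example.
"""
import re
from urllib.parse import urlparse

# Values copied from the extracted config.
C2_URLS = ["http://77.73.134.82", "http://83.217.11.23"]
USER_AGENT = "23591"

# Constructed sample log lines in a hypothetical proxy format:
#   <timestamp> <client_ip> <method> <url> <status> "<user-agent>"
SAMPLE_LOG = """\
2024-12-25T13:02:11Z 10.0.0.5 GET http://77.73.134.82/ 200 "23591"
2024-12-25T13:02:12Z 10.0.0.5 POST http://77.73.134.82/ 200 "23591"
2024-12-25T13:03:40Z 10.0.0.9 GET https://www.example.com/ 200 "Mozilla/5.0"
2024-12-25T13:05:02Z 10.0.0.7 GET http://83.217.11.23:80/ 404 "curl/8.4.0"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def c2_hosts(urls):
    """Reduce the C2 URL list to the set of hostnames / IP literals,
    so that a request with an explicit port or path still matches."""
    return {urlparse(u).hostname for u in urls}


def scan(log_text, urls=C2_URLS, user_agent=USER_AGENT):
    """Return hits as (line_no, client_ip, host, reason).

    reason is 'c2_host' when the destination host is one of the C2 hosts,
    and 'c2_host+ua' when the User-Agent header additionally equals the
    config's user_agent attribute (assumption: that attribute is sent as
    the HTTP User-Agent).  Lines that do not match the format are skipped.
    """
    hosts = c2_hosts(urls)
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real tool would log and skip it
        _ts, client, _method, url, _status, ua = m.groups()
        host = urlparse(url).hostname
        if host in hosts:
            reason = "c2_host+ua" if ua == user_agent else "c2_host"
            hits.append((n, client, host, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on the host rather than the full URL is deliberate: the config lists bare scheme-plus-IP entries, and real requests to a Raccoon C2 carry paths and sometimes explicit ports, so a literal URL comparison would miss them.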

Targets

    • Target

      JaffaCakes118_4b9dbcd9bebacee97e2d97d4d3b648bdada5ffd391ae1c31b36bff5066884e45

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer V2 payload

    • Raccoon family

    • Suspicious use of NtSetInformationThreadHideFromDebugger: a call to NtSetInformationThread with ThreadInformationClass ThreadHideFromDebugger (0x11), an anti-debugging technique that stops the calling thread from delivering debug events to an attached debugger.
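The signature above fires on a specific argument value rather than on the API name alone, since NtSetInformationThread has many legitimate uses. As an added example, not code from the sandbox or from the sample, the following replays that check over an API-call trace: it flags NtSetInformationThread calls whose ThreadInformationClass is ThreadHideFromDebugger (0x11) and notes whether the thread handle is the current-thread pseudo-handle (-2), which is how a self-protecting payload normally calls it. The JSON-lines trace format (pid, tid, api, args) and the three recorded calls are constructed for the example; the 0x11 constant and the pseudo-handle value are the documented Windows values.

```python
"""Detect the ThreadHideFromDebugger anti-debugging call in an API trace.

Added example, not code from the sandbox report or from the sample.  The
trace format (one JSON object per line with pid, tid, api, args) and the
sample events are constructed for this example.
"""
import json

# Documented NT ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# NtCurrentThread() pseudo-handle is -2, i.e. 0xfffffffe on 32-bit and
# 0xfffffffffffffffe on 64-bit Windows.
CURRENT_THREAD_PSEUDO_HANDLES = {0xFFFFFFFE, 0xFFFFFFFFFFFFFFFE}

# Constructed sample trace: the first call is the anti-debug trick on the
# current thread; the second is a benign priority change (class 2,
# ThreadPriority); the third is an unrelated API.
SAMPLE_TRACE = """\
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffffffffffe", "ThreadInformationClass": 17, "ThreadInformation": 0, "ThreadInformationLength": 0}}
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0x1a4", "ThreadInformationClass": 2, "ThreadInformation": 2, "ThreadInformationLength": 4}}
{"pid": 4120, "tid": 4128, "api": "NtClose", "args": {"Handle": "0x1a4"}}
"""


def is_current_thread(handle_str):
    """True if the hex handle string is the NtCurrentThread pseudo-handle."""
    try:
        return int(handle_str, 16) in CURRENT_THREAD_PSEUDO_HANDLES
    except (TypeError, ValueError):
        return False


def find_hide_from_debugger(trace_text):
    """Return one dict per NtSetInformationThread call that uses the
    ThreadHideFromDebugger information class.

    Matching on the class value rather than the API name keeps benign
    calls (priority, affinity, ...) out of the results.  The 'self' flag
    records whether the call targets the calling thread itself.
    """
    hits = []
    for n, line in enumerate(trace_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("api") != "NtSetInformationThread":
            continue
        args = ev.get("args", {})
        if args.get("ThreadInformationClass") != THREAD_HIDE_FROM_DEBUGGER:
            continue
        hits.append({
            "line": n,
            "pid": ev.get("pid"),
            "tid": ev.get("tid"),
            "handle": args.get("ThreadHandle"),
            "self": is_current_thread(args.get("ThreadHandle")),
            # For this class Windows expects a NULL buffer and length 0;
            # anything else is rejected, so a non-zero length is a hint
            # the call was never going to succeed.
            "well_formed": args.get("ThreadInformationLength", 0) == 0,
        })
    return hits


if __name__ == "__main__":
    for hit in find_hide_from_debugger(SAMPLE_TRACE):
        print(hit)
```

Once the thread has this flag set, a debugger attached afterwards receives no events from it, so the same check is also worth running on traces from your own instrumented runs: if the sandbox hooks sit below the call (kernel or hypervisor level) the events are still recorded, which is what lets the signature above fire in the first place.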

MITRE ATT&CK Enterprise v15

Tasks