Overview

overview

10

Static

static

1

JaffaCakes...b2.exe

windows7-x64

10

JaffaCakes...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_83dbed249f410d8d7e95226105af7ac5065b33e208434a6cc7db437369d354b2

  • Size

    800.0MB

  • Sample

    241225-h3x6ta1lgl

  • MD5

    82f06702426018eddc9c6da2dc246c84

  • SHA1

    b513c6b4e2d51f8696ca3598a355dc9ff817614b

  • SHA256

    83dbed249f410d8d7e95226105af7ac5065b33e208434a6cc7db437369d354b2

  • SHA512

    b56ab2360da0e391187cae11abfadc2750fee5ed84d7bf3be614e58f9e04b179a1f29745b9d5d4c0facdd353bca1335d30ec7b8d0abbfbbbc779e3bb7c560acb

  • SSDEEP

    3072:VjbyIdPQ+IVllRy0rLf8kGwkIoCtpstpmaCY6Sh2wAKZPIzFMv/Inwxd:VjbyGIJlFrFkUtpstomow5QJM4nM

Score
10/10
raccoon8fb7b851641d456f39570978e99f780ediscoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

8fb7b851641d456f39570978e99f780e

C2

http://45.15.156.239/

Attributes
  • user_agent

    901785252112

xor.plain

Targets

    • Target

      JaffaCakes118_83dbed249f410d8d7e95226105af7ac5065b33e208434a6cc7db437369d354b2

    • Size

      800.0MB

    • MD5

      82f06702426018eddc9c6da2dc246c84

    • SHA1

      b513c6b4e2d51f8696ca3598a355dc9ff817614b

    • SHA256

      83dbed249f410d8d7e95226105af7ac5065b33e208434a6cc7db437369d354b2

    • SHA512

      b56ab2360da0e391187cae11abfadc2750fee5ed84d7bf3be614e58f9e04b179a1f29745b9d5d4c0facdd353bca1335d30ec7b8d0abbfbbbc779e3bb7c560acb

    • SSDEEP

      3072:VjbyIdPQ+IVllRy0rLf8kGwkIoCtpstpmaCY6Sh2wAKZPIzFMv/Inwxd:VjbyGIJlFrFkUtpstomow5QJM4nM

    Score
    10/10
    raccoon8fb7b851641d456f39570978e99f780ediscoverystealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon Stealer V2 payload

    • Raccoon family

      raccoon

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks