raccoon

General

Target

JaffaCakes118_1fe5a90e2ae466a1592fbbe1f36eed42b5d50ab0d5090a2a601a1c52f9a38e7d
Size

700.0MB
Sample

241225-hv4nma1kfp
MD5

5cbf88d9ac19d0f1e7bc1ad7f832fd4e
SHA1

42e5c569044bcb1b2e0df56ed619de4857441953
SHA256

1fe5a90e2ae466a1592fbbe1f36eed42b5d50ab0d5090a2a601a1c52f9a38e7d
SHA512

9dbe161830305a3d0bc3228978e20575f4b1936add27670ab09d9194a89d8f75b8c01c8fd0dceaa8d8bf7a28a50143c2d68147dafdf9a64001b1bd2f7b719c90
SSDEEP

98304:2aiY94OibC7uFOqRNAGmW0XPfd3g6+H+lIZAuLYO:2zgEOiNNmW0XPfdg66j5LYO

Score

10^/10

Malware Config

Extracted

Family

raccoon

Botnet

1fa2b867e4d5e41181a2311356e86268

C2

http://102.130.119.173

Attributes

user_agent
TakeMyPainBack

xor.plain

Targets

- Target
  
  JaffaCakes118_1fe5a90e2ae466a1592fbbe1f36eed42b5d50ab0d5090a2a601a1c52f9a38e7d
- Size
  
  700.0MB
- MD5
  
  5cbf88d9ac19d0f1e7bc1ad7f832fd4e
- SHA1
  
  42e5c569044bcb1b2e0df56ed619de4857441953
- SHA256
  
  1fe5a90e2ae466a1592fbbe1f36eed42b5d50ab0d5090a2a601a1c52f9a38e7d
- SHA512
  
  9dbe161830305a3d0bc3228978e20575f4b1936add27670ab09d9194a89d8f75b8c01c8fd0dceaa8d8bf7a28a50143c2d68147dafdf9a64001b1bd2f7b719c90
- SSDEEP
  
  98304:2aiY94OibC7uFOqRNAGmW0XPfd3g6+H+lIZAuLYO:2zgEOiNNmW0XPfdg66j5LYO
Score

10^/10

raccoon zgrat 1fa2b867e4d5e41181a2311356e86268 discovery rat stealer
- Detect ZGRat V2
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon family
  raccoon
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Zgrat family
  zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V2

Raccoon family

ZGRat

Zgrat family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2