General

  • Target

    JaffaCakes118_7c7ae0d094b3a9f6772ef3fe9d36874464a1a7b524d4ddb8052abcd5f4e36886

  • Size

    153KB

  • Sample

    241225-x3vg9atngs

  • MD5

    de4a0568b658e6f55c7c806f58b32c16

  • SHA1

    2528311f8df42e06c1fe2aac5be40fe316e4e685

  • SHA256

    7c7ae0d094b3a9f6772ef3fe9d36874464a1a7b524d4ddb8052abcd5f4e36886

  • SHA512

    e431d2f6be1ffefebdc2ca831c796b5efb97f6e415263eb6c09138f0624c6cf5ce30eb80a47692b9b6e2a0c205255c82f18eadb65a197b37dd80d2249203a54a

  • SSDEEP

    3072:5G4++KzUiEt2IxRFPHMkgmvRV9VFYV8Lde5mngtjhpjqNv4O:A4thVrxzH5gmzHFYOLMmg3x0AO

Malware Config

Extracted

Family

raccoon

Botnet

0ca28e482be111f26f863ee51909f00a

C2

http://45.153.240.247/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain
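The two strongest indicators in the extracted configuration are the C2 URL and the hard-coded `TakeMyPainBack` user-agent; the user-agent survives even when the C2 address rotates. The script below is an added example, not part of the original report or of any Raccoon tooling: it scans constructed, tab-separated proxy records (timestamp, client, method, URL, status, user-agent; the layout, the lines, `example.com` and the documentation address `203.0.113.5` are all constructed for the demonstration) for those two network IOCs, and looks up file hashes against the SHA256 values the report lists.

```python
"""Match the network and file IOCs from this report against constructed log data.

Added example, not part of the original report. The proxy log format and the
log lines themselves are constructed for the demonstration.
"""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlparse

# IOCs copied from the extracted configuration above.
C2_URL = "http://45.153.240.247/"
C2_HOST = urlparse(C2_URL).hostname          # "45.153.240.247"
USER_AGENT = "TakeMyPainBack"

# SHA256 values from the report: the sample archive and the dropped executable.
KNOWN_SHA256 = {
    "7c7ae0d094b3a9f6772ef3fe9d36874464a1a7b524d4ddb8052abcd5f4e36886": "sample archive",
    "4e2f8682ea59ffe7b2169d7f8cf7c4f4600633d4e6e4f9dfafe3a1e34b85afb6": "Blessed_Arena_Launcher.exe",
}


@dataclass
class Hit:
    line_no: int
    reason: str
    line: str


def parse_proxy_line(line):
    """Split a constructed tab-separated proxy record into a dict.

    Fields: ts, client, method, url, status, user_agent. Returns None on
    malformed input so one garbage line never aborts a scan.
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6:
        return None
    ts, client, method, url, status, ua = parts
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": status, "ua": ua}


def match_network_iocs(lines):
    """Return a Hit for every record that touches the C2 or carries the Raccoon UA."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        if urlparse(rec["url"]).hostname == C2_HOST:
            hits.append(Hit(n, "contact with Raccoon C2 " + C2_HOST, line))
        # Exact match: the UA is a fixed string in the config, not a browser-style UA.
        if rec["ua"] == USER_AGENT:
            hits.append(Hit(n, "Raccoon user-agent " + USER_AGENT, line))
    return hits


def lookup_sha256(hexdigest):
    """Map a SHA256 hex digest (any case, surrounding whitespace tolerated) to the
    report's label for it, or None if it is not one of the listed files."""
    return KNOWN_SHA256.get(hexdigest.strip().lower())


def classify_bytes(data):
    """Hash raw file contents and look the digest up."""
    return lookup_sha256(hashlib.sha256(data).hexdigest())


# Constructed proxy records: one clean browser request, the C2 beacon with the
# Raccoon UA, a C2 contact with a spoofed browser UA, the Raccoon UA against a
# different host (possible rotated C2), and a malformed line.
SAMPLE_PROXY_LOG = [
    "2024-12-25T10:00:01Z\t10.0.0.12\tGET\thttps://www.example.com/\t200\tMozilla/5.0",
    "2024-12-25T10:00:07Z\t10.0.0.12\tPOST\thttp://45.153.240.247/\t200\tTakeMyPainBack",
    "2024-12-25T10:00:09Z\t10.0.0.12\tPOST\thttp://45.153.240.247/\t200\tMozilla/5.0",
    "2024-12-25T10:00:11Z\t10.0.0.31\tGET\thttp://203.0.113.5/update\t200\tTakeMyPainBack",
    "this line is malformed",
]

if __name__ == "__main__":
    for h in match_network_iocs(SAMPLE_PROXY_LOG):
        print(f"line {h.line_no}: {h.reason}")
    print(lookup_sha256("4E2F8682EA59FFE7B2169D7F8CF7C4F4600633D4E6E4F9DFAFE3A1E34B85AFB6"))
```

Line 4 of the constructed log is the case worth keeping in mind: no contact with the listed C2, but the user-agent alone is enough to flag the host for triage.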

Targets

    • Target

      Blessed_Arena_Launcher.exe

    • Size

      640.3MB

    • MD5

      96ed1b695e147100ed52639fe19faea7

    • SHA1

      c13b9b6eb2b0d4539e83547a44c344fee5b433e9

    • SHA256

      4e2f8682ea59ffe7b2169d7f8cf7c4f4600633d4e6e4f9dfafe3a1e34b85afb6

    • SHA512

      5eb4749efce101b4730aaf3cebbfc83ee93a01548353dd57de4b528c4550eb2bf4acf455505595669513d3dec265c236c36cf2feabd72636ff709fdd5ab1f871

    • SSDEEP

      6144:rv1OXCnvp4HDTvcc3udugDycDkHSnCIWA:rv1KCnh4H3vcVugDyAkHWCIWA

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
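The last two behaviours go together: a loader that starts a legitimate compiler and then uses SetThreadContext is the usual shape of process hollowing, where the host process keeps its benign image name and only the parent and the command line give it away. The script below is an added example, not part of the original report: it assumes the behaviour refers to vbc.exe (the .NET Visual Basic compiler) being started as an injection host, and applies two heuristics, an unexpected parent process and a compiler launched with no source files or switches, to constructed Sysmon-style process-creation records. The expected-parent list and the records are assumptions for the demonstration.

```python
"""Heuristic for a compiler (vbc.exe) started as a hollowing/injection host.

Added example, not part of the original report. The process records, the
expected-parent list and the two heuristics are constructed assumptions.
"""
import ntpath
import shlex

COMPILER = "vbc.exe"

# Parents that legitimately start the compiler on a build machine (assumption).
EXPECTED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def _base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def _has_compile_arguments(command_line):
    """True if the command line carries anything beyond the executable itself.

    A compiler that is only an injection host is typically launched bare, with no
    source files or switches (heuristic). posix=False keeps Windows backslashes.
    """
    try:
        args = shlex.split(command_line, posix=False)
    except ValueError:
        return True  # unparseable; do not flag on this criterion
    return len(args) > 1


def suspicious_vbc_launches(events):
    """Return (index, reasons) for each record that looks like vbc.exe abused as a host.

    Each record is a dict with Image, ParentImage and CommandLine, as a Sysmon
    process-creation event would carry them (field names assumed).
    """
    findings = []
    for i, ev in enumerate(events):
        if _base(ev["Image"]) != COMPILER:
            continue
        reasons = []
        if _base(ev["ParentImage"]) not in EXPECTED_PARENTS:
            reasons.append("unexpected parent " + ev["ParentImage"])
        if not _has_compile_arguments(ev["CommandLine"]):
            reasons.append("compiler started without any source or switch arguments")
        if reasons:
            findings.append((i, reasons))
    return findings


# Constructed records: a genuine build, the hollowing pattern from this report's
# signatures, and an unrelated process that must be ignored.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig /out:App.dll App.vb'},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\user\Downloads\Blessed_Arena_Launcher.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" notes.txt'},
]

if __name__ == "__main__":
    for idx, reasons in suspicious_vbc_launches(SAMPLE_EVENTS):
        print(idx, "; ".join(reasons))
```

Neither heuristic sees the SetThreadContext call itself; that is only visible to an API monitor or sandbox. The point is that the image name on its own is clean, so a detection that keys only on `vbc.exe` will fire on every developer box, while parent plus empty command line isolates the hollowed instance.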

MITRE ATT&CK Enterprise v15

Tasks