Overview

overview

10

Static

static

3

JaffaCakes...cf.exe

windows7-x64

10

JaffaCakes...cf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_f1944fc43d62db9057d45b21ce20af85ad848da4ca3c4bae33ac3c88e05242cf

  • Size

    2.5MB

  • Sample

    241229-gy8lbavme1

  • MD5

    823f991f3695eef217a51c51f2c701a9

  • SHA1

    6bdac4bea7c88d81e4220d118ce593bacf96fb11

  • SHA256

    f1944fc43d62db9057d45b21ce20af85ad848da4ca3c4bae33ac3c88e05242cf

  • SHA512

    83137543abc7ac9e27b6ee7b7291ad7d62180e03f22e017efa397e826de521d4b8cfd30086384a14d2107db75b9514495dd4437d13e79112d831deec69f7f905

  • SSDEEP

    24576:yKsoZcouIWCfRKY0YSY0YuCfZMDYJYLdtZ8tZvKs9CCDh/fj6Ll8VOSl3RuQ553/:yHoZOYRKspzCCDh/fj6Ol3D

Score
10/10
raccoonce21570f8b07f4e68bfb7f44917635b1discoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

ce21570f8b07f4e68bfb7f44917635b1

C2

http://77.73.133.7/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Targets

    • Target

      JaffaCakes118_f1944fc43d62db9057d45b21ce20af85ad848da4ca3c4bae33ac3c88e05242cf

    • Size

      2.5MB

    • MD5

      823f991f3695eef217a51c51f2c701a9

    • SHA1

      6bdac4bea7c88d81e4220d118ce593bacf96fb11

    • SHA256

      f1944fc43d62db9057d45b21ce20af85ad848da4ca3c4bae33ac3c88e05242cf

    • SHA512

      83137543abc7ac9e27b6ee7b7291ad7d62180e03f22e017efa397e826de521d4b8cfd30086384a14d2107db75b9514495dd4437d13e79112d831deec69f7f905

    • SSDEEP

      24576:yKsoZcouIWCfRKY0YSY0YuCfZMDYJYLdtZ8tZvKs9CCDh/fj6Ll8VOSl3RuQ553/:yHoZOYRKspzCCDh/fj6Ol3D

    Score
    10/10
    raccoonce21570f8b07f4e68bfb7f44917635b1discoverystealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon family

      raccoon

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks