Overview

overview

10

Static

static

3

JaffaCakes...8d.exe

windows7-x64

10

JaffaCakes...8d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7e2f18cb1139e948eb11e94daa12be8a594b0810d9d4bcc83c703ba98009038d

  • Size

    726.7MB

  • Sample

    241230-ep385axpbj

  • MD5

    f16a0942989178ba0b8127b020a2ba9c

  • SHA1

    9ee72b44d5d96f9b5e4f19e1d7dc38b6a8d80521

  • SHA256

    7e2f18cb1139e948eb11e94daa12be8a594b0810d9d4bcc83c703ba98009038d

  • SHA512

    cc9c2549604e2393d2b9590d3fb881f26dabba7bd6c02f5772794d415571f4dcf28af7b6c3ac78b5a7352ed61477044b0db06358d768f6a91d8dda7d90bbc99b

  • SSDEEP

    196608:P6crT2kPp+sFjv0aqYFZNrEQxEDlSlQ9Ky:P6mTZPpRjv0aqYFZNrpxEDw4

Score
10/10
raccoon0dcbeb99ec1adc5c2b2b94dc1e3fd2c4discoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

0dcbeb99ec1adc5c2b2b94dc1e3fd2c4

C2

http://94.131.107.132/

Attributes
  • user_agent

    TakeMyPainBack

xor.plain

Targets

    • Target

      JaffaCakes118_7e2f18cb1139e948eb11e94daa12be8a594b0810d9d4bcc83c703ba98009038d

    • Size

      726.7MB

    • MD5

      f16a0942989178ba0b8127b020a2ba9c

    • SHA1

      9ee72b44d5d96f9b5e4f19e1d7dc38b6a8d80521

    • SHA256

      7e2f18cb1139e948eb11e94daa12be8a594b0810d9d4bcc83c703ba98009038d

    • SHA512

      cc9c2549604e2393d2b9590d3fb881f26dabba7bd6c02f5772794d415571f4dcf28af7b6c3ac78b5a7352ed61477044b0db06358d768f6a91d8dda7d90bbc99b

    • SSDEEP

      196608:P6crT2kPp+sFjv0aqYFZNrEQxEDlSlQ9Ky:P6mTZPpRjv0aqYFZNrpxEDw4

    Score
    10/10
    raccoon0dcbeb99ec1adc5c2b2b94dc1e3fd2c4discoverystealer

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • Raccoon family

      raccoon

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks