Overview

overview

10

Static

static

3

JaffaCakes...99.exe

windows7-x64

10

JaffaCakes...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2025 06:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_906bf68f10d642ba7f5fb9685249db99.exe

  • Size

    581KB

  • MD5

    906bf68f10d642ba7f5fb9685249db99

  • SHA1

    ddc876cf17c2cc3b38a02f75770522c5cf939ef6

  • SHA256

    cc98ee14bc8504ed2dae9d010c7f209775de51f9f31086814e2fb6b42baa7cb5

  • SHA512

    500a0c0f422e08fb68a292bc8c2a959be653ee1aef9607070d49bd11255da0e60679dc30517b48831c1ae46fb74aeedc325279bccc7bfaac5a88e752a961b223

  • SSDEEP

    12288:hQzY+9+bMw7eyUnFafcqTUiHrC9wahAwgUPHMrpTZg83CJWW4tDM:h69/essQiLwwaFgrZg83LM

Score
10/10
raccoon7ebf9b416b72a203df65383eec899dc689d2c3d7discoverystealer

Malware Config

Extracted

Family

raccoon

Botnet

7ebf9b416b72a203df65383eec899dc689d2c3d7

Attributes
  • url4cnc

    http://telegatt.top/agrybirdsgamerept

    http://telegka.top/agrybirdsgamerept

    http://telegin.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 6 IoCs
  • Raccoon family
    raccoon
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_906bf68f10d642ba7f5fb9685249db99.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_906bf68f10d642ba7f5fb9685249db99.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-1-0x00000000008D0000-0x00000000009D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1308-2-0x0000000000220000-0x00000000002AE000-memory.dmp

    Filesize

    568KB

    Download

  • memory/1308-3-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1308-4-0x00000000008D0000-0x00000000009D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1308-6-0x0000000000220000-0x00000000002AE000-memory.dmp

    Filesize

    568KB

    Download

  • memory/1308-5-0x0000000000400000-0x00000000007C3000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1308-7-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1308-16-0x0000000000400000-0x00000000007C3000-memory.dmp

    Filesize

    3.8MB

    Download