Analysis Overview
SHA256
5d1b978e6d2896796f0f63043ecaa1748c1c7245ccda02115afc5594e3f5e3b1
Threat Level: Known bad
The file JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4 was found to be: Known bad.
Malicious Activity Summary
Raccoon
Raccoon Stealer V1 payload
Raccoon family
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-09 06:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-09 06:57
Reported
2025-01-09 07:00
Platform
win7-20240903-en
Max time kernel
141s
Max time network
117s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Raccoon family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 107.178.223.183:80 | telegka.top | tcp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
Files
memory/2936-1-0x00000000017E0000-0x00000000018E0000-memory.dmp
memory/2936-2-0x0000000000310000-0x000000000039E000-memory.dmp
memory/2936-3-0x0000000000400000-0x0000000000491000-memory.dmp
memory/2936-4-0x00000000017E0000-0x00000000018E0000-memory.dmp
memory/2936-5-0x0000000000310000-0x000000000039E000-memory.dmp
memory/2936-7-0x0000000000400000-0x0000000000491000-memory.dmp
memory/2936-6-0x0000000000400000-0x00000000016FB000-memory.dmp
memory/2936-16-0x0000000000400000-0x00000000016FB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-09 06:57
Reported
2025-01-09 07:00
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
149s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Raccoon family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c1bc0cca3a8784bbc7d5d3e9e47e6ba4.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegatt.top | udp |
| US | 8.8.8.8:53 | telegka.top | udp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 8.8.8.8:53 | 21.138.155.104.in-addr.arpa | udp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 104.155.138.21:80 | telegka.top | tcp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | telegin.top | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/1512-1-0x0000000001820000-0x0000000001920000-memory.dmp
memory/1512-2-0x0000000003440000-0x00000000034CE000-memory.dmp
memory/1512-3-0x0000000000400000-0x0000000000491000-memory.dmp
memory/1512-4-0x0000000001820000-0x0000000001920000-memory.dmp
memory/1512-6-0x0000000003440000-0x00000000034CE000-memory.dmp
memory/1512-5-0x0000000000400000-0x00000000016FB000-memory.dmp
memory/1512-7-0x0000000000400000-0x0000000000491000-memory.dmp
memory/1512-14-0x0000000000400000-0x00000000016FB000-memory.dmp