Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecd68399bd3ffe3a7d26af7151307ec42de505a8195679659e76adf4a8531e2d

  • Size

    429KB

  • Sample

    210908-ed4eragggk

  • MD5

    d53f8c4183070ca91161d3d047affaa9

  • SHA1

    460526b1d2d78b0c93dce88c06558c8cf821e8a4

  • SHA256

    ecd68399bd3ffe3a7d26af7151307ec42de505a8195679659e76adf4a8531e2d

  • SHA512

    a2d69a417ef4121c9b9a7ece270836aa5a02aa8ce27cc0acc496fe0742a66900239e50e77c4685a2912a84c126b176b74cdc0b97771fb8b4574237f9c8fa0192

Score
10/10
raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

93d3ccba4a3cbd5e268873fc1760b2335272e198

Attributes
  • url4cnc

    https://telete.in/opa4kiprivatem

rc4.plain
rc4.plain

Targets

    • Target

      ecd68399bd3ffe3a7d26af7151307ec42de505a8195679659e76adf4a8531e2d

    • Size

      429KB

    • MD5

      d53f8c4183070ca91161d3d047affaa9

    • SHA1

      460526b1d2d78b0c93dce88c06558c8cf821e8a4

    • SHA256

      ecd68399bd3ffe3a7d26af7151307ec42de505a8195679659e76adf4a8531e2d

    • SHA512

      a2d69a417ef4121c9b9a7ece270836aa5a02aa8ce27cc0acc496fe0742a66900239e50e77c4685a2912a84c126b176b74cdc0b97771fb8b4574237f9c8fa0192

    Score
    10/10
    raccoon93d3ccba4a3cbd5e268873fc1760b2335272e198spywarestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks