General

Target: c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
Size: 512KB
Sample: 211002-l7m37aecfj
Score: 10/10
MD5: de53e8d73fe96e1ceab93e3aee4751ec
SHA1: 98e010e66213ba828ead9debe86263bca9407509
SHA256: c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
SHA512: e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Malware Config

Extracted

Family: raccoon
Version: 1.8.2
Botnet: fd16367b73441d6f39c715f71a74a399a84f0b41

Attributes
url4cnc:
  http://teletop.top/terra11nc
  http://teleta.top/terra11nc
  https://t.me/terra11nc
rc4.plain
rc4.plain
Targets

Target: c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
MD5: de53e8d73fe96e1ceab93e3aee4751ec
Filesize: 512KB
Score: 10/10
SHA1: 98e010e66213ba828ead9debe86263bca9407509
SHA256: c8457e14bf16d40d5e7f36f81982957ffa6cd2fe17a7c1a37333a133effc41a8
SHA512: e2e692971b0fb5b1244b08e952045f6b342f968a2f5ba8f3d28b3e4cd0bf34af89c63a1923ca16991c43e6376cbab113b3c43d194dc8639ce8d04881bfdc95c5

Signatures

  • Raccoon
    Description: Simple but powerful infostealer which was very active in 2019.

  • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

  • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses Microsoft Outlook accounts
    TTPs: Email Collection

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

Related Tasks

MITRE ATT&CK Matrix

Tactics:
  Command and Control
  Credential Access
  Defense Evasion
  Discovery
  Execution
  Exfiltration
  Impact
  Initial Access
  Lateral Movement
  Persistence
  Privilege Escalation