Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9

  • Size

    513KB

  • Sample

    211002-n84tfaedgp

  • MD5

    4d0f90fb39427a8bf7072403f5e0d746

  • SHA1

    06186e6498b8120dd1f733e57231215e6f9945fe

  • SHA256

    89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9

  • SHA512

    5c759659a6199b81d59f86b69d3985329fe39d0dcf6b6a15eac721129f5d1e5bff8b4cb56eb9aee07213fb097956dc796aceb369c534b2807a8398c89806747b

Score
10/10
raccoon1ec902112b48b86eaf116e67218e531d05852427collectiondiscoveryspywarestealersuricata

Malware Config

Extracted

Family

raccoon

Version

1.8.2

Botnet

1ec902112b48b86eaf116e67218e531d05852427

Attributes
  • url4cnc

    http://teletop.top/papatikmikr0

    http://teleta.top/papatikmikr0

    https://t.me/papatikmikr0

rc4.plain
rc4.plain

Targets

    • Target

      89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9

    • Size

      513KB

    • MD5

      4d0f90fb39427a8bf7072403f5e0d746

    • SHA1

      06186e6498b8120dd1f733e57231215e6f9945fe

    • SHA256

      89b3ed9d4b3daa09b18db0ee62d8c7b652f3101299a6fc9ca0245bb6a6ded9b9

    • SHA512

      5c759659a6199b81d59f86b69d3985329fe39d0dcf6b6a15eac721129f5d1e5bff8b4cb56eb9aee07213fb097956dc796aceb369c534b2807a8398c89806747b

    Score
    10/10
    raccoon1ec902112b48b86eaf116e67218e531d05852427collectiondiscoveryspywarestealersuricata

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

      suricata: ET MALWARE Win32.Raccoon Stealer CnC Activity (dependency download)

      suricata

    • suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

      suricata: ET MALWARE Win32.Raccoon Stealer Data Exfil Attempt

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks