Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    67s
  • max time network
    138s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    18-10-2021 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef0cd7ca55ad803019d2048eda92bfafb2e0fcdef7739d01015e3eb35dd4c07b.exe

  • Size

    3.8MB

  • MD5

    668656cd25b7af46075db91e4eeaf9bf

  • SHA1

    a8eb80d6470bf59051359d10822498df6ee8bd36

  • SHA256

    ef0cd7ca55ad803019d2048eda92bfafb2e0fcdef7739d01015e3eb35dd4c07b

  • SHA512

    26e9b44b81b4d106e9972225717e6f4bfd42f6c77e51d9a8c8e4639a605a3d3e708081b4780d670c906e2ac19854c42504c7cf69728b0ba7655d9379e9da88c9

Score
10/10
raccooncf3e15a8aec8fe7eead8f124a5222c57fad37d42stealer

Malware Config

Extracted

Family

raccoon

Botnet

cf3e15a8aec8fe7eead8f124a5222c57fad37d42

Attributes
  • url4cnc

    http://telegatt.top/dodgeneontwinturbo

    http://telegka.top/dodgeneontwinturbo

    http://telegin.top/dodgeneontwinturbo

    https://t.me/dodgeneontwinturbo

rc4.plain
rc4.plain

Signatures

  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef0cd7ca55ad803019d2048eda92bfafb2e0fcdef7739d01015e3eb35dd4c07b.exe
    "C:\Users\Admin\AppData\Local\Temp\ef0cd7ca55ad803019d2048eda92bfafb2e0fcdef7739d01015e3eb35dd4c07b.exe"
    1⤵
      PID:2160
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 968
        2⤵
        • Suspicious use of NtCreateProcessExOtherParentProcess
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3680

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2160-115-0x0000000000010000-0x00000000005F6000-memory.dmp
      Filesize

      5.9MB

      Download