General

  • Target

    f392b80751f68108845c969c93f9354542716918f2bc3795aba984a94610eae3

  • Size

    464KB

  • Sample

    211027-2tpymagfh3

  • MD5

    1c97541dbaa2f373fc124d7303e3497d

  • SHA1

    570b0da1622c1259bc1403e25e8602494966fe6a

  • SHA256

    f392b80751f68108845c969c93f9354542716918f2bc3795aba984a94610eae3

  • SHA512

    e2c34f6d25d4fa6da23b1cd0bbf9096b4b3c956c8375ea6b704b4ab6b0b4a0314f9b27471879ea4eca6bf5c44add350ec44c70aa6d7a7212c28b67e25aa7cad9

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    60e59be328fbd2ebac1839ea99411dccb00a6f49

Attributes

  • url4cnc

    http://telegin.top/agrybirdsgamerept

    http://ttmirror.top/agrybirdsgamerept

    http://teletele.top/agrybirdsgamerept

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

  • rc4.plain

Targets

    • Target

      f392b80751f68108845c969c93f9354542716918f2bc3795aba984a94610eae3

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess
