General

  • Target

    3e7efe699071b61e51c2e5ef1bdfe39adeec0592af69377d887be0f333b887b4

  • Size

    466KB

  • Sample

    211028-rfqynabga8

  • MD5

    9affce9df72fd79f181632e849bff085

  • SHA1

    edc53fa4bc42443f7920dc94c0ad62517f104c2b

  • SHA256

    3e7efe699071b61e51c2e5ef1bdfe39adeec0592af69377d887be0f333b887b4

  • SHA512

    98d443a6dee7897a3c3174ef085038e250ad7be1ab1db4e6b5513e7bab0fb4039ffaf3a273733a9f96567974a3b086134fa8135bcb6b5d37857b80cc45407a64

Malware Config

Extracted

Family

raccoon

Botnet

60e59be328fbd2ebac1839ea99411dccb00a6f49

Attributes
  • url4cnc

    http://telegin.top/agrybirdsgamerept

    http://ttmirror.top/agrybirdsgamerept

    http://teletele.top/agrybirdsgamerept

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
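The url4cnc list above is the set of Telegram channel mirrors (plus t.me itself) that this sample consults to find its gate; rc4.plain names the RC4 key the bot uses on what it reads there, though the report prints only the field name, not the key. The following is an added example, not code from the report or from Raccoon: it turns the listed URLs into a host set for blocklists and log queries, checks a file against the hashes above, and walks through the dead-drop decoding (og:description meta tag, base64 blob between markers, RC4). The meta-tag regex, the [[ ]] markers, the key, and the gate address are assumptions, constructed so the block runs offline.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

# url4cnc values as listed in the extracted config above.
URL4CNC = [
    "http://telegin.top/agrybirdsgamerept",
    "http://ttmirror.top/agrybirdsgamerept",
    "http://teletele.top/agrybirdsgamerept",
    "http://telegalive.top/agrybirdsgamerept",
    "http://toptelete.top/agrybirdsgamerept",
    "http://telegraf.top/agrybirdsgamerept",
    "https://t.me/agrybirdsgamerept",
]

# Hashes of the analysed sample, copied from the General section above.
SAMPLE_HASHES = {
    "md5": "9affce9df72fd79f181632e849bff085",
    "sha1": "edc53fa4bc42443f7920dc94c0ad62517f104c2b",
    "sha256": "3e7efe699071b61e51c2e5ef1bdfe39adeec0592af69377d887be0f333b887b4",
    "sha512": "98d443a6dee7897a3c3174ef085038e250ad7be1ab1db4e6b5513e7bab0fb4039ffaf3a273733a9f96567974a3b086134fa8135bcb6b5d37857b80cc45407a64",
}


def c2_resolver_hosts(urls=URL4CNC):
    """Distinct dead-drop hostnames, ready for a blocklist or a proxy-log query."""
    return sorted({urlparse(u).hostname for u in urls})


def sample_hashes_match(data: bytes) -> bool:
    """True only if `data` is byte-identical to the sample this report describes."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in SAMPLE_HASHES.items())


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). rc4.plain in the config is this key, stored in the clear."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XOR keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Assumption: the channel description is read from the page's og:description meta tag.
DESC_RE = re.compile(r'<meta property="og:description" content="([^"]*)"')


def extract_description(html: str) -> str:
    m = DESC_RE.search(html)
    if not m:
        raise ValueError("no og:description on page")
    return m.group(1)


# Assumed framing (not from the report): a base64 blob between these two markers.
START_MARKER = "[["
END_MARKER = "]]"


def decode_dead_drop(html: str, key: bytes) -> str:
    """Recover the gate URL from a fetched channel page using the config's RC4 key."""
    desc = extract_description(html)
    start = desc.index(START_MARKER) + len(START_MARKER)
    end = desc.index(END_MARKER, start)
    return rc4(key, base64.b64decode(desc[start:end])).decode("ascii")


# Constructed input: a fake channel page carrying a fake gate address, encrypted
# with an assumed key (the report does not print the rc4.plain value).
ASSUMED_KEY = b"example-rc4-key"
FAKE_GATE = "http://203.0.113.10/gate/"   # TEST-NET-3 documentation range, not a real C2


def build_sample_page(gate: str = FAKE_GATE, key: bytes = ASSUMED_KEY) -> str:
    blob = base64.b64encode(rc4(key, gate.encode("ascii"))).decode("ascii")
    return ('<html><head><meta property="og:description" content="'
            'Welcome to the channel ' + START_MARKER + blob + END_MARKER + ' enjoy">'
            '</head></html>')


if __name__ == "__main__":
    print("dead-drop hosts:", ", ".join(c2_resolver_hosts()))
    print("recovered gate:", decode_dead_drop(build_sample_page(), ASSUMED_KEY))
```

Against a real channel page the markers and encoding must be taken from the sample's own string-handling code; the RC4 key comes from the extractor's rc4.plain field, and a successful decode yields the gate that belongs on the blocklist next to the mirror hosts.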

Targets

    • Target

      3e7efe699071b61e51c2e5ef1bdfe39adeec0592af69377d887be0f333b887b4

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess
