Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5bc867729c1b3b01ff0d25c4bb0c2050ea8c9c0ff64ce180c5ce59963240b05e

  • Size

    426KB

  • Sample

    211102-tbpwxahcem

  • MD5

    e21c50709464802e5dad384a43e62c7a

  • SHA1

    37e38fc325cd819570dbaf6b437c46db7a2cce08

  • SHA256

    5bc867729c1b3b01ff0d25c4bb0c2050ea8c9c0ff64ce180c5ce59963240b05e

  • SHA512

    363b737330019a68a1fe2e0fbea28009b04018c5e580d3eb976685d88d2f4bb5246db161cfa7f7829c5dff2ea887d27c32c1fbb9f2f1680d8ae6236eabb325db

Score
10/10
raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer

Malware Config

Extracted

Family

raccoon

Botnet

68e2d75238f7c69859792d206401b6bde2b2515c

Attributes
  • url4cnc

    http://telegalive.top/agrybirdsgamerept

    http://toptelete.top/agrybirdsgamerept

    http://telegraf.top/agrybirdsgamerept

    https://t.me/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      5bc867729c1b3b01ff0d25c4bb0c2050ea8c9c0ff64ce180c5ce59963240b05e

    • Size

      426KB

    • MD5

      e21c50709464802e5dad384a43e62c7a

    • SHA1

      37e38fc325cd819570dbaf6b437c46db7a2cce08

    • SHA256

      5bc867729c1b3b01ff0d25c4bb0c2050ea8c9c0ff64ce180c5ce59963240b05e

    • SHA512

      363b737330019a68a1fe2e0fbea28009b04018c5e580d3eb976685d88d2f4bb5246db161cfa7f7829c5dff2ea887d27c32c1fbb9f2f1680d8ae6236eabb325db

    Score
    10/10
    raccoon68e2d75238f7c69859792d206401b6bde2b2515cstealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1

MITRE ATT&CK Matrix

Tasks