General

  • Target

    befd59bf9492e3c3ea2db26efdd690677c980be848a5a40e0ee9f7691cd8a1e5

  • Size

    482KB

  • Sample

    211106-2rwcmadeaq

  • MD5

    1eb74380d1ca6217563a340c87c0dae6

  • SHA1

    d4daa42f390d9832e4452ad782bd6c96e63b1735

  • SHA256

    befd59bf9492e3c3ea2db26efdd690677c980be848a5a40e0ee9f7691cd8a1e5

  • SHA512

    18ef8f00db177c1137c131360dd22e585394f10b6ab5afe72f7dd2efb660ad066caf469f75e61390664137aa713a082f65061310cc4097ce7e8a64b690e5017b

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes

  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess
