Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a2a26f5c0beab62a06d8dac9f6a3aa2e3e4cf554ca87c7851bf5adeb86ad588

  • Size

    482KB

  • Sample

    211107-bxfk9ageb3

  • MD5

    e515ff41163d39cf4b929d27808b12c9

  • SHA1

    4942b689920659fc9d78a96ed56c9df6838bc1bc

  • SHA256

    7a2a26f5c0beab62a06d8dac9f6a3aa2e3e4cf554ca87c7851bf5adeb86ad588

  • SHA512

    30c8d570d0dd2d6164060865afb6a10a493d7de2371b84125b8a9f8b0d91b35e1df52975d0c99b69e794e59efdbdf1971702f9e6941edcfdaccb5b9dcb864131

Score
10/10
raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      7a2a26f5c0beab62a06d8dac9f6a3aa2e3e4cf554ca87c7851bf5adeb86ad588

    • Size

      482KB

    • MD5

      e515ff41163d39cf4b929d27808b12c9

    • SHA1

      4942b689920659fc9d78a96ed56c9df6838bc1bc

    • SHA256

      7a2a26f5c0beab62a06d8dac9f6a3aa2e3e4cf554ca87c7851bf5adeb86ad588

    • SHA512

      30c8d570d0dd2d6164060865afb6a10a493d7de2371b84125b8a9f8b0d91b35e1df52975d0c99b69e794e59efdbdf1971702f9e6941edcfdaccb5b9dcb864131

    Score
    10/10
    raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1

MITRE ATT&CK Matrix

Tasks