Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72d3a19ac6cc593b7db8c6338706182f704a0cf15ada2f74a3faf3a847d21bea

  • Size

    482KB

  • Sample

    211107-dsd8qsghh6

  • MD5

    6c0600b411df88d512fd4d13efbbf14a

  • SHA1

    e6abda4b7165bb40db3c15e2608487015f4fea72

  • SHA256

    72d3a19ac6cc593b7db8c6338706182f704a0cf15ada2f74a3faf3a847d21bea

  • SHA512

    6539f4ccd266d847ac07f244d9943c708afd59b990a9211fe38c6c14898dc56ae1a8620dd6219585a9b552f1e6cd76eeca6c29a985a8a90d1c7b27155b7be2cf

Score
10/10
raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      72d3a19ac6cc593b7db8c6338706182f704a0cf15ada2f74a3faf3a847d21bea

    • Size

      482KB

    • MD5

      6c0600b411df88d512fd4d13efbbf14a

    • SHA1

      e6abda4b7165bb40db3c15e2608487015f4fea72

    • SHA256

      72d3a19ac6cc593b7db8c6338706182f704a0cf15ada2f74a3faf3a847d21bea

    • SHA512

      6539f4ccd266d847ac07f244d9943c708afd59b990a9211fe38c6c14898dc56ae1a8620dd6219585a9b552f1e6cd76eeca6c29a985a8a90d1c7b27155b7be2cf

    Score
    10/10
    raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1

MITRE ATT&CK Matrix

Tasks