General

  • Target

    b22c827cfafbd1dd10a3d9582fb86d35f4cc89e3b622997f6dd9c3a2f18566c3

  • Size

    547KB

  • Sample

    211107-t2tyjsaeg4

  • MD5

    ba8c9fe7f2be8158afd346f6d53467c6

  • SHA1

    32239a11f8a6c4205ee524b8fe37a5cea715c88e

  • SHA256

    b22c827cfafbd1dd10a3d9582fb86d35f4cc89e3b622997f6dd9c3a2f18566c3

  • SHA512

    4519386dd83f48169f7606da4b2c55288d0eab587550e1d84dd881647f70aa68a7f6bc2fcc4a3c490c1d1a561607292238a8c435f367c4db8d2c0c8108dad192

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

  • rc4.plain
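The hashes and url4cnc entries above are the actionable indicators in this report. The following Python script is an added example, not part of the sandbox report and not Raccoon's own code: it reproduces the report's digests for a candidate file and matches proxy log lines against the C2 hosts and the shared `/agrybirdsgamerept` path (the host list rotates, so the path is checked on its own as well). The log format (`ts client method url status`) and the log lines are constructed for the demonstration. The RC4 keys are not shown on this page, so no config decryption is attempted.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from this report (Raccoon 1.8.3).
SAMPLE_HASHES = {
    "md5": "ba8c9fe7f2be8158afd346f6d53467c6",
    "sha1": "32239a11f8a6c4205ee524b8fe37a5cea715c88e",
    "sha256": "b22c827cfafbd1dd10a3d9582fb86d35f4cc89e3b622997f6dd9c3a2f18566c3",
    "sha512": "4519386dd83f48169f7606da4b2c55288d0eab587550e1d84dd881647f70aa68a"
              "7f6bc2fcc4a3c490c1d1a561607292238a8c435f367c4db8d2c0c8108dad192",
}

URL4CNC = [
    "http://178.23.190.57/agrybirdsgamerept",
    "http://91.219.236.162/agrybirdsgamerept",
    "http://185.163.47.176/agrybirdsgamerept",
    "http://193.38.54.238/agrybirdsgamerept",
    "http://74.119.192.122/agrybirdsgamerept",
    "http://91.219.236.240/agrybirdsgamerept",
]
C2_HOSTS = {urlsplit(u).hostname for u in URL4CNC}
C2_PATHS = {urlsplit(u).path for u in URL4CNC}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests of a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matching_algorithms(data: bytes) -> set:
    """Which of the report's digests these bytes reproduce (empty set: not this sample)."""
    digests = file_hashes(data)
    return {alg for alg, hexd in SAMPLE_HASHES.items() if digests[alg] == hexd}


def classify_url(url: str):
    """Reason string if the URL touches a url4cnc indicator, else None."""
    parts = urlsplit(url)
    if parts.hostname in C2_HOSTS:
        return "c2-host"          # any contact with a listed host
    if parts.path in C2_PATHS:
        return "c2-path"          # the same path on a host not yet in the list
    return None


def scan_proxy_log(lines):
    """Match whitespace-separated proxy log lines: ts client method url status."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue                # malformed or truncated line, skip it
        ts, client, method, url, status = fields[:5]
        reason = classify_url(url)
        if reason:
            hits.append({"ts": ts, "client": client, "url": url, "reason": reason})
    return hits


# Constructed log lines for the demonstration; not taken from the report.
SAMPLE_LOG = [
    "1636300101.221 10.0.0.12 GET http://178.23.190.57/agrybirdsgamerept 200",
    "1636300102.004 10.0.0.12 POST http://178.23.190.57/ 200",
    "1636300105.910 10.0.0.17 GET http://example.com/index.html 200",
    "1636300110.300 10.0.0.21 GET http://203.0.113.5/agrybirdsgamerept 404",
    "garbled line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print("hash match:", matching_algorithms(b"not the sample"))
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `matching_algorithms`; a non-empty result means the file is this sample, an empty one only means it is not this exact build.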

Targets

    • Target

      b22c827cfafbd1dd10a3d9582fb86d35f4cc89e3b622997f6dd9c3a2f18566c3

    • Size

      547KB

    • MD5

      ba8c9fe7f2be8158afd346f6d53467c6

    • SHA1

      32239a11f8a6c4205ee524b8fe37a5cea715c88e

    • SHA256

      b22c827cfafbd1dd10a3d9582fb86d35f4cc89e3b622997f6dd9c3a2f18566c3

    • SHA512

      4519386dd83f48169f7606da4b2c55288d0eab587550e1d84dd881647f70aa68a7f6bc2fcc4a3c490c1d1a561607292238a8c435f367c4db8d2c0c8108dad192

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks