General

  • Target

    081371f7966f3c623e20fcde43459464a5bb68646e59ecc6948bb9104ceb6f24

  • Size

    547KB

  • Sample

    211108-en4s9sbcc2

  • MD5

    b90a857581e41ece9c786b0e21d887a1

  • SHA1

    8ea89472c226f6dc9848758e1463471b359607ee

  • SHA256

    081371f7966f3c623e20fcde43459464a5bb68646e59ecc6948bb9104ceb6f24

  • SHA512

    0fe06371b35322e2718fe4e880ce9cbaa80276bcdff1c3213c213019722e4f132fd14b70fb20047fff215ef33158da0102dd05206c4796d8ead7e0aeb01b8791

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks