General

  • Target

    3b690da65f1d7971d20a7bed0e523b3ec34a95779cf5e62b9a8aad224dd9bb9b

  • Size

    547KB

  • Sample

    211108-ewhwrsgebm

  • MD5

    633af663554538cd960aff6112c96442

  • SHA1

    a41db145afcb35f26b82ac4d23d12e7382361e75

  • SHA256

    3b690da65f1d7971d20a7bed0e523b3ec34a95779cf5e62b9a8aad224dd9bb9b

  • SHA512

    988565545d836c635e47b62a5dae0bd659f770b83ec347db8491af79dd5bea7fe54b8fe1876e758015c1e871f32795eae206d5fa41a2e6a0063b4ae1e41e757a

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

  • rc4.plain
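
As an added worked example, not part of the sandbox report above: the extracted config lists six url4cnc C2 URLs that share one URI path, and an rc4.plain attribute whose key value is not shown on this page. The script below turns the url4cnc list into host and path indicators, runs them over a few constructed proxy-log lines, and includes a plain RC4 routine of the kind the rc4.plain attribute refers to, exercised with a constructed key and blob because the real key is elided. The log lines, the sample key and the base64 blob are all constructed for the example; the URLs are copied from the config above.

```python
import base64
from urllib.parse import urlparse

# url4cnc values copied from the extracted config above.
URL4CNC = [
    "http://178.23.190.57/agrybirdsgamerept",
    "http://91.219.236.162/agrybirdsgamerept",
    "http://185.163.47.176/agrybirdsgamerept",
    "http://193.38.54.238/agrybirdsgamerept",
    "http://74.119.192.122/agrybirdsgamerept",
    "http://91.219.236.240/agrybirdsgamerept",
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA). The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_c2_blob(blob_b64: str, key: str) -> str:
    """Base64-decode a blob and RC4-decrypt it with a plaintext (rc4.plain style) key."""
    return rc4(key.encode(), base64.b64decode(blob_b64)).decode("utf-8", errors="replace")


# Constructed stand-ins: the report elides the real rc4.plain value, so a made-up
# key encrypts one of the config URLs to produce a blob for the decrypt path to chew on.
SAMPLE_KEY = "constructed-key-not-from-sample"
SAMPLE_BLOB = base64.b64encode(rc4(SAMPLE_KEY.encode(), URL4CNC[0].encode())).decode()


def iocs_from_config(urls):
    """Split url4cnc entries into the host and URI-path indicators a detection needs.
    The path is the indicator that survives when the operators rotate C2 IPs."""
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname)
        paths.add(p.path)
    return {"hosts": sorted(hosts), "paths": sorted(paths)}


# Constructed proxy log: "<time> <client> <method> <url> <status>". Not from the sandbox run.
PROXY_LOG = [
    "2021-11-08T12:00:01Z 10.0.0.12 GET http://178.23.190.57/agrybirdsgamerept 200",
    "2021-11-08T12:00:05Z 10.0.0.12 GET http://example.com/index.html 200",
    "2021-11-08T12:01:09Z 10.0.0.33 POST http://203.0.113.9/agrybirdsgamerept 200",
    "2021-11-08T12:02:00Z 10.0.0.40 GET http://91.219.236.240/favicon.ico 404",
]


def match_proxy_log(lines, iocs):
    """Flag log lines whose URL hits a known C2 host, the shared C2 path, or both."""
    hosts, paths = set(iocs["hosts"]), set(iocs["paths"])
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, _method, url, _status = fields[:5]
        p = urlparse(url)
        reasons = []
        if p.hostname in hosts:
            reasons.append("c2-host")
        if p.path in paths:
            reasons.append("c2-path")
        if reasons:
            hits.append({"time": ts, "client": client, "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    iocs = iocs_from_config(URL4CNC)
    print("hosts:", iocs["hosts"])
    print("paths:", iocs["paths"])
    for hit in match_proxy_log(PROXY_LOG, iocs):
        print(hit)
    print("decrypted:", decrypt_c2_blob(SAMPLE_BLOB, SAMPLE_KEY))
```

The third constructed log line hits on the path alone: its host 203.0.113.9 is not in the config, which is the case a host-only blocklist misses when a new C2 address appears with the same URI. Matching on the shared path in addition to the listed hosts is the point of splitting the indicators.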

Targets

    • Target

      3b690da65f1d7971d20a7bed0e523b3ec34a95779cf5e62b9a8aad224dd9bb9b

    • Size

      547KB

    • MD5

      633af663554538cd960aff6112c96442

    • SHA1

      a41db145afcb35f26b82ac4d23d12e7382361e75

    • SHA256

      3b690da65f1d7971d20a7bed0e523b3ec34a95779cf5e62b9a8aad224dd9bb9b

    • SHA512

      988565545d836c635e47b62a5dae0bd659f770b83ec347db8491af79dd5bea7fe54b8fe1876e758015c1e871f32795eae206d5fa41a2e6a0063b4ae1e41e757a

    • Raccoon

      A simple but powerful infostealer that was very active in 2019.

    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix

Tasks