Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdcabde9dac29762671f619a1b5daffb129ce64a69a9bf8186e47efbcb4243b9

  • Size

    534KB

  • Sample

    211108-mfh6lahabj

  • MD5

    2c75fda3755d0a1329e8b82df81c0924

  • SHA1

    8d5577907733a6deb546118814cd218e9609e470

  • SHA256

    fdcabde9dac29762671f619a1b5daffb129ce64a69a9bf8186e47efbcb4243b9

  • SHA512

    8231704b4c60fbe2de820c623e34d0fc1b9299139154e2c614d1c29518c1b5fc765a8c439cf1863c0a5d4339c64a6f01d321270296a141292f544b3db289705f

Score
10/10
raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3

Botnet

243f5e3056753d9f9706258dce4f79e57c3a9c44

Attributes
  • url4cnc

    http://178.23.190.57/agrybirdsgamerept

    http://91.219.236.162/agrybirdsgamerept

    http://185.163.47.176/agrybirdsgamerept

    http://193.38.54.238/agrybirdsgamerept

    http://74.119.192.122/agrybirdsgamerept

    http://91.219.236.240/agrybirdsgamerept

rc4.plain
rc4.plain

Targets

    • Target

      fdcabde9dac29762671f619a1b5daffb129ce64a69a9bf8186e47efbcb4243b9

    • Size

      534KB

    • MD5

      2c75fda3755d0a1329e8b82df81c0924

    • SHA1

      8d5577907733a6deb546118814cd218e9609e470

    • SHA256

      fdcabde9dac29762671f619a1b5daffb129ce64a69a9bf8186e47efbcb4243b9

    • SHA512

      8231704b4c60fbe2de820c623e34d0fc1b9299139154e2c614d1c29518c1b5fc765a8c439cf1863c0a5d4339c64a6f01d321270296a141292f544b3db289705f

    Score
    10/10
    raccoon243f5e3056753d9f9706258dce4f79e57c3a9c44stealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1

MITRE ATT&CK Matrix

Tasks