General

  • Target

    b8f44a5fb731edd68bc49dbc3653ecc000ebf1e9d12ddc2cee8b3a98b736bce3

  • Size

    218KB

  • Sample

    211110-lz74dsdhek

  • MD5

    fd3e54a7e76d6fba2266e61b7748a8ab

  • SHA1

    f404508cfc228a98f35f8bae9ad63c9db6e4dbed

  • SHA256

    b8f44a5fb731edd68bc49dbc3653ecc000ebf1e9d12ddc2cee8b3a98b736bce3

  • SHA512

    1cb7b68a764f18b14213cb0b291d0ee2a819841e771e920bf9206918daefd6ac791426dcd43de116ef359d29e296664c5b1f640a80710f1933b46272a09cfe6e

Malware Config

Extracted

  • Family

    smokeloader

  • Version

    2020

  • C2

    http://misha.at/upload/

    http://roohaniinfra.com/upload/

    http://0axqpcc.cn/upload/

    http://mayak-lombard.ru/upload/

    http://mebel-lass.ru/upload/

    http://dishakhan.com/upload/

  • rc4.i32

Extracted

  • Family

    raccoon

  • Version

    1.8.3-hotfix

  • Botnet

    fcdc156d3872c18d25e3ee45499599b45e492a67

  • Attributes

    url4cnc

    http://178.23.190.57/rino115sipsip

    http://91.219.236.162/rino115sipsip

    http://185.163.47.176/rino115sipsip

    http://193.38.54.238/rino115sipsip

    http://74.119.192.122/rino115sipsip

    http://91.219.236.240/rino115sipsip

    https://t.me/rino115sipsip

  • rc4.plain

Targets

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Tasks