Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb

  • Size

    3.0MB

  • Sample

    211206-wv8t8shga5

  • MD5

    ca276fd46d543ceaf2af9b94f22aa7c7

  • SHA1

    30ce7c040a08f63d8c34e0f574c7605ac767ec4e

  • SHA256

    1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb

  • SHA512

    2c06f8adbe1fed4bc1e9d3f285881da927b6cd90abb1198a63d5bf6c03f749d4877d5e66202497871e13f415d006b5a48708b9b11a6b2d646344b2b7dc7db796

Score
10/10
raccoon207ed4c493cfb59cd2f2f0a338be988518497063evasionstealertrojan

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

207ed4c493cfb59cd2f2f0a338be988518497063

Attributes
  • url4cnc

    http://91.219.236.27/marker2o1

    http://94.158.245.167/marker2o1

    http://185.163.204.216/marker2o1

    http://185.225.19.238/marker2o1

    http://185.163.204.218/marker2o1

    https://t.me/marker2o1

rc4.plain
rc4.plain

Targets

    • Target

      1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb

    • Size

      3.0MB

    • MD5

      ca276fd46d543ceaf2af9b94f22aa7c7

    • SHA1

      30ce7c040a08f63d8c34e0f574c7605ac767ec4e

    • SHA256

      1476d6de5655cd75b02e84ab01a69d62220888e48bce181511a24401f864cdcb

    • SHA512

      2c06f8adbe1fed4bc1e9d3f285881da927b6cd90abb1198a63d5bf6c03f749d4877d5e66202497871e13f415d006b5a48708b9b11a6b2d646344b2b7dc7db796

    Score
    10/10
    raccoon207ed4c493cfb59cd2f2f0a338be988518497063evasionstealertrojan

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks