Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f2c3d60fabf26d613bfd37689ba0f6efc30046d43fd64cbf75e00dc050e6e1a

  • Size

    240KB

  • Sample

    211208-pshfyadba2

  • MD5

    7b18010dedfd8c6c04e9c2cfddd0f28c

  • SHA1

    28e9fc1c01e0fa1212334dc01e90b533b016d422

  • SHA256

    1f2c3d60fabf26d613bfd37689ba0f6efc30046d43fd64cbf75e00dc050e6e1a

  • SHA512

    e6e3f7e5e861a7cefc373ee0eaf6bfecf3d16d4ffe04fb1b12b77455a2f254a404ffee7e6f8fb73e154f9313666f5227a578d76bcaa703063000cf06e23a6384

Score
10/10
bazarloaderraccoonredlinesmokeloader9b4d9fd590b29ce138ea6588ff16e70405b63efdf797145799b7b1b77b35d81de942eee0908da519fd4f23250443a724a3d1548e6ab07c481dfc2814backdoordiscoverydropperinfostealerloaderspywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

f797145799b7b1b77b35d81de942eee0908da519

Attributes
  • url4cnc

    http://91.219.236.27/capibar

    http://94.158.245.167/capibar

    http://185.163.204.216/capibar

    http://185.225.19.238/capibar

    http://185.163.204.218/capibar

    https://t.me/capibar

rc4.plain
rc4.plain

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

fd4f23250443a724a3d1548e6ab07c481dfc2814

Attributes
  • url4cnc

    http://91.219.236.27/duglassa1

    http://94.158.245.167/duglassa1

    http://185.163.204.216/duglassa1

    http://185.225.19.238/duglassa1

    http://185.163.204.218/duglassa1

    https://t.me/duglassa1

rc4.plain
rc4.plain

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

9b4d9fd590b29ce138ea6588ff16e70405b63efd

Attributes
  • url4cnc

    http://185.163.204.216/kaba4ello

    http://185.225.19.238/kaba4ello

    http://185.163.204.218/kaba4ello

    https://t.me/kaba4ello

rc4.plain
rc4.plain

Targets

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks