Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d

  • Size

    688KB

  • Sample

    220120-k5jgjshcdp

  • MD5

    5866cb2e91f79585ac02ed16c4704baf

  • SHA1

    13b9a65ff70b9513980b31c27d3e7385ccc0c20d

  • SHA256

    6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d

  • SHA512

    9a1858776986cc5b4798bf77044de49501c95f83167b50fd8c8161737465157ba495e361326d338eb0aed18f32856aeac0eaeedce407703323a9b9fe07fe43d3

Score
10/10
raccoon470193d69fd872b73819c5e70dc68242c10ccbcepersistencestealer

Malware Config

Extracted

Family

raccoon

Version

1.8.5

Botnet

470193d69fd872b73819c5e70dc68242c10ccbce

Attributes
  • url4cnc

    http://185.163.204.22/capibar

    http://178.62.113.205/capibar

    https://t.me/capibar

rc4.plain
rc4.plain

Targets

    • Target

      6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d

    • Size

      688KB

    • MD5

      5866cb2e91f79585ac02ed16c4704baf

    • SHA1

      13b9a65ff70b9513980b31c27d3e7385ccc0c20d

    • SHA256

      6c30d21f796fe02e8e6de2823d8a925a5d3d6c2b248c134e78c18d07d3cb657d

    • SHA512

      9a1858776986cc5b4798bf77044de49501c95f83167b50fd8c8161737465157ba495e361326d338eb0aed18f32856aeac0eaeedce407703323a9b9fe07fe43d3

    Score
    10/10
    raccoon470193d69fd872b73819c5e70dc68242c10ccbcepersistencestealer

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • Sets service image path in registry

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks