General
-
Target
b0c9046c86091df27b548d62e9788080N
-
Size
829KB
-
Sample
240914-1b37vsxfjb
-
MD5
b0c9046c86091df27b548d62e9788080
-
SHA1
727782410016fde0bad9832c95d0930191339ca8
-
SHA256
c43ec2685a469d8e2a00a3ed29dd861a850625324c9433161ea62345b9a8ec77
-
SHA512
db372246d1b1e7384d37c862a843f1bc31e2ec6385f938afc86dc087e68b0273634ae67fad63b7badd3e9d756440f18e25320290297c7f9b677a1484875e7c7f
-
SSDEEP
12288:DMSApJVYG5lDLyjsb0eOzkkBR7QnvswUilQ35+6G75X9IvhBjvrEH7C:DnsJ39LyjbJk6FMymC+6G99ArEH7C
Static task
static1
Behavioral task
behavioral1
Sample
b0c9046c86091df27b548d62e9788080N.exe
Resource
win7-20240903-en
Malware Config
Extracted
xred
xred.mooo.com
-
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
http://xred.site50.net/syn/SUpdate.ini
https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
http://xred.site50.net/syn/Synaptics.rar
https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
http://xred.site50.net/syn/SSLLibrary.dll
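The payload_url list above is not a flat set of hosts to block: three of the four hosts are shared, legitimate services (the freedns.afraid.org API, Google Drive, Dropbox), and the config host xred.mooo.com sits on a free dynamic DNS domain, so any IP it resolves to in the sandbox is volatile. The script below is an added example for this report, not Triage output and not the malware's own code. It takes the URLs and the host exactly as listed in the extracted config, works out what each URL identifies (the `sha` parameter that authenticates to the afraid.org API, a Drive file id, or a dropped file name) and emits indicators with a block scope: full URL for the shared services, host for the attacker-controlled ones. The `SHARED_HOSTS` set is an assumption about what counts as collateral damage in a typical network.

```python
"""Turn the payload_url list from the extracted xred config into indicators
with a block scope.  Added example for this report: URLs and CONFIG_HOST are
copied from the config above; SHARED_HOSTS is an assumption."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

CONFIG_HOST = "xred.mooo.com"  # host listed in the extracted config

PAYLOAD_URLS = [
    "http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download",
    "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1",
    "http://xred.site50.net/syn/SUpdate.ini",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download",
    "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1",
    "http://xred.site50.net/syn/Synaptics.rar",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download",
    "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1",
    "http://xred.site50.net/syn/SSLLibrary.dll",
]

# Multi-tenant services: blocking the host breaks legitimate traffic, so these
# only yield full-URL (or dropped-file hash) indicators.  Assumption.
SHARED_HOSTS = {"freedns.afraid.org", "docs.google.com", "www.dropbox.com"}


def classify(url):
    """Return the host, what the URL identifies, and the block scope."""
    p = urlsplit(url)
    q = parse_qs(p.query)
    host = p.hostname or ""
    if host == "freedns.afraid.org":
        # The sha parameter authenticates the attacker's afraid.org account;
        # the call returns that account's dynamic DNS records.
        kind, artifact = "dyndns_api_key", q.get("sha", [""])[0]
    elif host == "docs.google.com":
        kind, artifact = "drive_file_id", q.get("id", [""])[0]
    else:
        kind, artifact = "filename", p.path.rsplit("/", 1)[-1]
    scope = "url" if host in SHARED_HOSTS else "host"
    return {"url": url, "host": host, "kind": kind,
            "artifact": artifact, "scope": scope}


def build_iocs(urls, config_host=CONFIG_HOST):
    """Group the classified URLs into a blocklist-ready structure."""
    entries = [classify(u) for u in urls]
    hosts = {config_host} | {e["host"] for e in entries if e["scope"] == "host"}
    mirrors = defaultdict(list)  # dropped file name -> every URL serving it
    for e in entries:
        if e["kind"] == "filename":
            mirrors[e["artifact"]].append(e["url"])
    return {
        "block_hosts": sorted(hosts),
        "block_urls": sorted(e["url"] for e in entries if e["scope"] == "url"),
        "drive_ids": [e["artifact"] for e in entries if e["kind"] == "drive_file_id"],
        "dyndns_keys": [e["artifact"] for e in entries if e["kind"] == "dyndns_api_key"],
        "dropped_files": {name: sorted(u) for name, u in mirrors.items()},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(PAYLOAD_URLS), indent=2))
```

The `dropped_files` grouping shows the config's redundancy pattern directly: each of SUpdate.ini, Synaptics.rar and SSLLibrary.dll has a Dropbox and a site50 mirror plus a Drive id, so a detection that only covers one host will miss the fallback download. Pivot on the file names, the full URLs and the dropped files' hashes rather than on resolved IPs.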
Targets
-
-
Target
b0c9046c86091df27b548d62e9788080N
-
Size
829KB
-
MD5
b0c9046c86091df27b548d62e9788080
-
SHA1
727782410016fde0bad9832c95d0930191339ca8
-
SHA256
c43ec2685a469d8e2a00a3ed29dd861a850625324c9433161ea62345b9a8ec77
-
SHA512
db372246d1b1e7384d37c862a843f1bc31e2ec6385f938afc86dc087e68b0273634ae67fad63b7badd3e9d756440f18e25320290297c7f9b677a1484875e7c7f
-
SSDEEP
12288:DMSApJVYG5lDLyjsb0eOzkkBR7QnvswUilQ35+6G75X9IvhBjvrEH7C:DnsJ39LyjbJk6FMymC+6G99ArEH7C
-
Floxif family
-
Xred family
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
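The signature above says the sample touches the AppInit DLLs mechanism but not what to look for on a host. The relevant state is three values under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows` (and the `Wow6432Node` copy for 32-bit processes): `AppInit_DLLs` (the list of DLLs every process that loads user32.dll will load), `LoadAppInit_DLLs` (whether the list is honoured at all) and `RequireSignedAppInit_DLLs`. The script below is an added example for this report, not part of Triage or the sample: it parses a `.reg` export of those keys and flags any configured DLL, rating it high when loading is enabled and the DLL lives outside the Windows system directories. The `SAMPLE_REG` text is constructed for the example (the DLL path in it is invented) and `TRUSTED_DIRS` is an assumption.

```python
"""Audit AppInit_DLLs persistence from a .reg export.  Added example for this
report; the sample registry text is constructed and the DLL path in it is
invented.  Read a real export with open(path, encoding="utf-16")."""
import re

APPINIT_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
]
# Assumption: DLLs under these directories are treated as less suspicious.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample: loading enabled, signature check off, DLL in a user dir.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000
"AppInit_DLLs"="C:\\Users\\Public\\example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000000
"AppInit_DLLs"=""
'''


def parse_reg(text):
    """Minimal .reg parser: {key_path: {value_name: str|int}} for dword and
    string values, which is all these keys use."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)', line)
            if not m:
                continue
            name, raw = m.group(1), m.group(2)
            if raw.startswith("dword:"):
                val = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                # .reg doubles backslashes and escapes quotes inside strings.
                val = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            else:
                val = raw
            keys[current][name] = val
    return keys


def audit_appinit(reg):
    """One finding per configured DLL in either AppInit key."""
    findings = []
    for key in APPINIT_KEYS:
        values = reg.get(key, {})
        # AppInit_DLLs is space- or comma-separated.
        dlls = [d for d in re.split(r"[ ,]+", values.get("AppInit_DLLs", "")) if d]
        loads = values.get("LoadAppInit_DLLs", 0) == 1
        signed_only = values.get("RequireSignedAppInit_DLLs", 0) == 1
        for dll in dlls:
            # A bare file name is resolved through the DLL search path, so it
            # counts as outside the trusted directories too.
            outside = not dll.lower().startswith(TRUSTED_DIRS)
            if loads and outside:
                severity = "high"
            elif loads:
                severity = "medium"
            else:
                severity = "low"  # configured but not loaded; still worth noting
            findings.append({"key": key, "dll": dll, "loads": loads,
                             "require_signed": signed_only,
                             "outside_system_dirs": outside,
                             "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_appinit(parse_reg(SAMPLE_REG)):
        print(f["severity"], f["dll"], "loads=%s signed_only=%s" % (f["loads"], f["require_signed"]))
```

On a live host, `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" appinit.reg` produces input in this format (UTF-16, hence the encoding note in the docstring); export the Wow6432Node key the same way. Two caveats: on Windows 8 and later the AppInit_DLLs mechanism is disabled when Secure Boot is enabled, so a populated value there is persistence that never fires, while on the Windows 7 image this sample was run against it works as described; and an empty `AppInit_DLLs` with `LoadAppInit_DLLs` set to 1 is a common default, not a finding on its own.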
-
ACProtect 1.3x - 1.4x DLL software
Detects a file protected with the ACProtect packer, which obscures the original code and is why static hashes and strings of the unpacked payload differ from those of this sample.
-
Loads dropped DLL
-