xred | 7a0a5d13d56af8698e952fc82cf0e90695ad28cc99f4c5ea2d7374db15a20211

Sharing

Copy URL

Twitter E-mail

General

Target

Rat(8).zip
Size

577.7MB
Sample

241106-qe1wsssreq
MD5

9ed1b91363a556ca10e765ec28c35b2b
SHA1

b0b8e17e9aed66150f79c1cae7e32a270ecb43e9
SHA256

7a0a5d13d56af8698e952fc82cf0e90695ad28cc99f4c5ea2d7374db15a20211
SHA512

7b022faf960d237ee9ad46a271ca4fc8aed5dbef9638b782d0c725c8e925457e1ba4b8adffde8c39e66b9da11ed826721d92029687281ff8707f34f3a06a5a1a
SSDEEP

12582912:OSuGNhd5U3QGaiHRwgnzbFxaYMN33qAed78yrF9OsKI:Oed5UgWKeFnskd79FU+

Score

10^/10

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Targets

- Target
  
  CraxsRat V7.4/CraxsRat V7.4/CraxsRat V7.4.exe
- Size
  
  62.2MB
- MD5
  
  64c02477cd6d67ced767aa342b8f61c0
- SHA1
  
  6b488e3b0185e30721cfc49e33a2a98864464f8e
- SHA256
  
  0530181f39d786218085f317b23fc38c271c6b99bf063662c46948214a988eaa
- SHA512
  
  120da180771db3b685fa96cc648b74fbb51da37f004d754fd5470a6b1e46a67151fcdfc1e520d1057398f5315e4ceca8c75dfb6ea3e36cb55d3c775e18603346
- SSDEEP
  
  786432:cc+NX10EPRuHoA5AKF7zR/t6tKF+iS6JkKgApbLKo2R:D+NX10qwAMzttZm6CKXxIR
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/DrakeUI.Framework.dll
- Size
  
  1.6MB
- MD5
  
  0562b4c97f643306df491a938ae636da
- SHA1
  
  0807c37b711374ed4814a9518c9e264517de89a0
- SHA256
  
  70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80
- SHA512
  
  c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf
- SSDEEP
  
  24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF
Score

1^/10
behavioral3 behavioral4
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/GeoIPCitys.dll
- Size
  
  191KB
- MD5
  
  c070f2421851420e832e4f5989a775a2
- SHA1
  
  d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46
- SHA256
  
  d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131
- SHA512
  
  75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e
- SSDEEP
  
  3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k
Score

1^/10
behavioral5 behavioral6
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/LiveCharts.MAPS.dll
- Size
  
  53KB
- MD5
  
  dfee15e4c6efa37e6645d8b47c8581e0
- SHA1
  
  876140e0855fcd15bfb590431fb7b280d1db4a21
- SHA256
  
  5b8a9a04f454a2c4da5989fa454a0138d3e5c40712816600f90111b7bf045c40
- SHA512
  
  4d0e7b0a5642b649c04e54d89e707ec00e79a0fa282eac19b6097b819652045c3e157763b5b2922a4c2252b0877059ef90eb60038280dbfbef9502f421d739df
- SSDEEP
  
  768:r4gOx89xKERw2U11HI+bZO603JLw8MOrNNLSW5/5xTcb2y1ehVHp:rPKB22HIwwFNuC5N6n+VHp
Score

1^/10
behavioral7 behavioral8
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/LiveCharts.WinForms.dll
- Size
  
  19KB
- MD5
  
  76c775d09b24798f6923452e920979b5
- SHA1
  
  3fe2c79512a0d1153fb07f6640b27106c90d333e
- SHA256
  
  a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad
- SHA512
  
  eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9
- SSDEEP
  
  384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm
Score

1^/10
behavioral10 behavioral9
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/LiveCharts.Wpf.dll
- Size
  
  212KB
- MD5
  
  e924f79f0b5f3e79c98477d75831813d
- SHA1
  
  64f71e20e1953b13c771d8a8e63549ad6d64216e
- SHA256
  
  1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
- SHA512
  
  063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
- SSDEEP
  
  6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score

1^/10
behavioral11 behavioral12
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/LiveCharts.dll
- Size
  
  148KB
- MD5
  
  9642899636959b7fc89bf34a8b998a90
- SHA1
  
  479a0254d1c9e5565c7d861bb77f54b7eae50c96
- SHA256
  
  9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca
- SHA512
  
  435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2
- SSDEEP
  
  3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z
Score

1^/10
behavioral13 behavioral14
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/NAudio.dll
- Size
  
  498KB
- MD5
  
  6ca17abccae3050f391401b2955f9333
- SHA1
  
  0975b039a793accb58130d6639262cd291d80d5d
- SHA256
  
  3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c
- SHA512
  
  c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec
- SSDEEP
  
  12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs
Score

1^/10
behavioral15 behavioral16
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral17 behavioral18
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/System.IO.Compression.ZipFile.dll
- Size
  
  24KB
- MD5
  
  dcda916372128f13ada8b07026c1b3e7
- SHA1
  
  99d6c187de8510206a93d2eed9c65e65e0c86e72
- SHA256
  
  b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
- SHA512
  
  d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
- SSDEEP
  
  384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score

1^/10
behavioral19 behavioral20
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/WinMM.Net.dll
- Size
  
  43KB
- MD5
  
  d4b80052c7b4093e10ce1f40ce74f707
- SHA1
  
  2494a38f1c0d3a0aa9b31cf0650337cacc655697
- SHA256
  
  59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
- SHA512
  
  3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
- SSDEEP
  
  768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score

1^/10
behavioral21 behavioral22
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/craxs.dll
- Size
  
  16.2MB
- MD5
  
  6976141e6a62ec976d7f94a068d7f2fa
- SHA1
  
  d40990b875657d4b010005707432a8f36ab09a7b
- SHA256
  
  b761133d4b9139dcb75eb0e7297676ceff9ca94ba7721b9615e557067ee301cd
- SHA512
  
  288efc33649c35a2ef210f8168eadcce1bd2b3b7610cd4bc34b023f397e0c29324de81a1d990a6258a7db7f3c5ab3fbb17d729fcc518c6aa9231661eaa2f553f
- SSDEEP
  
  393216:3Um8MPZGP+nnnX7QWtyYBlW8mZ/A2qG3Tr6bbOdEwHLuIS:3UmxIGnX7QWto8e/4MiXOdE+Lm
Score

1^/10
behavioral23 behavioral24
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/craxsrat v7.4.exe
- Size
  
  62.0MB
- MD5
  
  d125972b55d437d2dc9e89cfa0e81785
- SHA1
  
  2b09d5a4eb8a239790393f06b0af1d4cac334b91
- SHA256
  
  df4a1582b2d000cc4ddac50aec247fa92ba13b3b822f6e05cb529b2eb94a07f7
- SHA512
  
  7ffa6176d28bf6d17f390726d5cb7f8d6b6f07adeb3b382d2eee4148f5b6ac0693421d4ef3e17b8fb263beaf3997bdb12fcd4c83199f55ab1ae9aa620a33d17d
- SSDEEP
  
  786432:8c+NX10EPRuHoA5AKF7zR/t6tKF+iS6JkKgApbLKo2:j+NX10qwAMzttZm6CKXxI
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/res/Plugins/Android/gen-2.pl
- Size
  
  4KB
- MD5
  
  0037f9d6a388db91c980351af4c03b2f
- SHA1
  
  9384a65d636944e42c0e93310dacf68dfe016782
- SHA256
  
  f0326ad672ec2278750232cc920769710972da0594f45641441a4327a555cb8e
- SHA512
  
  6ae67ad4d61ffd437c7b5b6044c6cc2c99b47619e0a7d3338322e3df1181dc66bed393a2466953e5b4eafb8d4b2fd7864e61b04479e74e0ffe1fd8d1cdc6d57e
- SSDEEP
  
  96:2Pm57RfU5dE1Yn8RA9O6vUfXDmzWyPVEjCjpHY0e3/:2O5lw8RAU0UfXalNK0xYD
Score

3^/10
behavioral27 behavioral28
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/res/Plugins/Android/gen-6.pl
- Size
  
  7KB
- MD5
  
  d324afb827bc0410b7387f2f22d14242
- SHA1
  
  bc8e494e86e41bee2ce2add6d0fe8919656a7102
- SHA256
  
  69572ff59d2f8b428fa2e5fad4c6abfaa78813b889740a0b17c3bf4ff522f2c7
- SHA512
  
  c337ade6028a734922d91e96abf87f889d57ebe825ab0a4c0d927cffb26e38558fc1c3f61ee042f423e639e60637b4b41cd436aebc054df2196868d58bcf428b
- SSDEEP
  
  192:2OkFCNbNbSdOYT7Ax0xrUhmE7OH7Vgpet+gfLTkRQi33o+:2pFCNIdO24gr9EiH7V03gfnkq+
Score

3^/10
behavioral29 behavioral30
- Target
  
  CraxsRat V7.4/CraxsRat V7.4/res/Plugins/Android/gen-7.pl
- Size
  
  5KB
- MD5
  
  a9f48543cf1571322f575724a0e8de35
- SHA1
  
  edaaf35c07045f0d0376202700d1d3213e42c246
- SHA256
  
  3a36e9b32c7bee100d590a31b8e622a229c6168e2fcd95dbd9fa934025e6787b
- SHA512
  
  0b7f72c4b68e78f2c73485387a3d6e0d2dc92a2298bf0f737ccf1d4bf508db1e96a164550ed7a3a0a74f99cc89d989e1d28ecd986c4f164a0b22e9760dadadc1
- SSDEEP
  
  96:2Pm57cUV8+pZmIjZ9gZdXarsspyqU0H16DN1kvZFgfqYTfTvPNLMrnSkCXeYH/:2OduEmIj8ZdKrQ0HkzkvZFO31YdCuI/
Score

3^/10
behavioral31 behavioral32