General

  • Target

    551f60af50261f7de85d44ade14e5b2d5d20898bb6857800146afd999c382cc2

  • Size

    1.1MB

  • MD5

    d8c6c5a637ea0824a1ca4f2894fdac2c

  • SHA1

    8c85248155b2a532c28bb74cb1e11a38e58bc11a

  • SHA256

    551f60af50261f7de85d44ade14e5b2d5d20898bb6857800146afd999c382cc2

  • SHA512

    7033b40df16f492b74c7cf0ebcc9b32b957b33a669d967321ece21542385fd1964a0ccd329f17734a02e3af049362349eab598dcc96ba137851d14c04b913e38

  • SSDEEP

    12288:UMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Ez7HpXRikZsYGAn2F:UnsJ39LyjbJkQFMhmC+6GD9KrzhK

Score

  • 10/10

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 551f60af50261f7de85d44ade14e5b2d5d20898bb6857800146afd999c382cc2
    .exe windows:4 windows x86 arch:x86
