xred | 3adf1a24d2b6be6d1942dfd603dd4535de000fac2929f8eb8fc8ff6a5448ba07

Sharing

Copy URL

Twitter E-mail

General

Target

riptweakcracked.7z
Size

305.3MB
Sample

241127-vzg2msyral
MD5

8b02904f43a13ed8b700e3ea01e5cbda
SHA1

d05fa65537930533e256aeea711f4055770cca1f
SHA256

3adf1a24d2b6be6d1942dfd603dd4535de000fac2929f8eb8fc8ff6a5448ba07
SHA512

b58ffe56e13d59354531a0625a7da6b9146ea5b6015de373278ada495f48762e443310307d6af6981e5e708104b2ccfb97e861678a2b4469dbaa0c48462751ad
SSDEEP

6291456:3A8JrBaB7xIVPrGHzh1cy/UkQEfWCS4zHjabjVkM3z9PeoEbz45sDuz:w8iB7S9wnco8yHjaPVNVe14yDuz

Score

10^/10

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Targets

- Target
  
  riptweakcracked.7z
- Size
  
  305.3MB
- MD5
  
  8b02904f43a13ed8b700e3ea01e5cbda
- SHA1
  
  d05fa65537930533e256aeea711f4055770cca1f
- SHA256
  
  3adf1a24d2b6be6d1942dfd603dd4535de000fac2929f8eb8fc8ff6a5448ba07
- SHA512
  
  b58ffe56e13d59354531a0625a7da6b9146ea5b6015de373278ada495f48762e443310307d6af6981e5e708104b2ccfb97e861678a2b4469dbaa0c48462751ad
- SSDEEP
  
  6291456:3A8JrBaB7xIVPrGHzh1cy/UkQEfWCS4zHjabjVkM3z9PeoEbz45sDuz:w8iB7S9wnco8yHjaPVNVe14yDuz
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  riptweakcracked/chrome_100_percent.pak
- Size
  
  125KB
- MD5
  
  0cf9de69dcfd8227665e08c644b9499c
- SHA1
  
  a27941acce0101627304e06533ba24f13e650e43
- SHA256
  
  d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88
- SHA512
  
  bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef
- SSDEEP
  
  3072:ogKzwI/4wKN3/nXCWZQCPxBVO2o418Gb0+VRLf0ld0GY3cQ39x2I:ogKzwI/49NPyCtoK18Gb0OV8ld0GecQ1
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  riptweakcracked/chrome_200_percent.pak
- Size
  
  174KB
- MD5
  
  d88936315a5bd83c1550e5b8093eb1e6
- SHA1
  
  6445d97ceb89635f6459bc2fb237324d66e6a4ee
- SHA256
  
  f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25
- SHA512
  
  75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2
- SSDEEP
  
  3072:YDQYaEqQZUYUJP1N3/nXCWZQCPxBVrfR54x5GMR+F44ffbdZnYw9p4AbIVGYoDdR:YDQYaRyY1NPyCt9gx5GMRejnbdZnVE6j
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  riptweakcracked/icudtl.dat
- Size
  
  9.9MB
- MD5
  
  c6ae43f9d596f3dd0d86fb3e62a5b5de
- SHA1
  
  198b3b4abc0f128398d25c66455c531a7af34a6d
- SHA256
  
  00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee
- SHA512
  
  3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4
- SSDEEP
  
  196608:tGzwSv9AAQu1+liXUxCGZHa93Whlw6ZzbSEQF:t3KlQusliXUxCGZHa93Whlw6ZzbSEQF
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  riptweakcracked/locales/af.pak
- Size
  
  125KB
- MD5
  
  46f982ccd1b8a98de5f4f9f1e8f19fe5
- SHA1
  
  13165653f2336037d4fb42a05a90251d2a4bc5cf
- SHA256
  
  9e0aeb9d58fecc27d43e39c8c433c444b2ce773cc5d510fc676e0ebbcab4bddf
- SHA512
  
  2c40e344194df1ca2d2e88dba0cb6c7ef308dd9c83e10bbc45286b5e3bc1d98a424a60ec28b2700606916105968984809321505765078d7caddbb1c4d3f519de
- SSDEEP
  
  3072:Q4R1VbSVwDwaPwT6HUrLOd+QeeSsL0J6tuBMWoXO3I9GLfXEAbZt1ScE:rR19SVwDwa3qLOds80KO3q
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  riptweakcracked/locales/am.pak
- Size
  
  202KB
- MD5
  
  15b05881e1927eda0e41b86698ce12da
- SHA1
  
  d629f23b8a11700b410d25f3dc439c8c353b0953
- SHA256
  
  4c0129e1023e6e6cb5b71fadd59026d326fec3393463530c2f30fff8aacaaedd
- SHA512
  
  6f921563d6887d0b712966bf3f8dea044d1115dd0a5d46eeee5595966dd88e49d5dfbec74ee1de19a330bc9f1a11ef3c7c93d6c5e69f1ee7d1d86085b7a2bd7f
- SSDEEP
  
  3072:R66FO7S/E92t7Rq4rgEkDvuh7gb8oeyHXkiqiwGMqyZJjhEb2WAATMb0kew97MaH:fXgJ1mudHQP+x30jH8+D
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  riptweakcracked/locales/ar.pak
- Size
  
  207KB
- MD5
  
  1b55e90455877384795185791bc692c2
- SHA1
  
  3d7c04fc31c26b3ab34bd2d8f4dcfbf4d242bc46
- SHA256
  
  ac44c459f86c577f1f510c0b78a8317127522f0d2f80734b6c9ab338d637d4df
- SHA512
  
  bc3dc023c9af551279a4d22583aedf79e63ada46c79ea54b7da18c12b9acd726e4f534e26789d2583036c382bf6a8862335ca72fc8b510ed065bf895b8d7c3b0
- SSDEEP
  
  3072:kOq8NvEeHPcNRXqhmBdJcFxu3PzGF+hFGAaduzBfMCS2xHMuZtE9P6NsJ0NJOKKn:kOq8h4NRx3PzNfPMgSENmW95I1LCA9
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  riptweakcracked/locales/bg.pak
- Size
  
  226KB
- MD5
  
  470dde3136a8da5752fcde269d4b6b43
- SHA1
  
  85196012cc0df090650244f7b55e51728c68806b
- SHA256
  
  cd6701f8b682b6d677ae2010abfb4bfd19555bb42847e2ffddc54e203d50b373
- SHA512
  
  b39397c8a3a081e61dd52ebbc0a4cc2ac33f9427c1ea9215995cd8915d705f30d2d3290742155890a61fc3819b6076c1ae41d278171517622ad35fc6f430702a
- SSDEEP
  
  6144:ZRQoKRDBa4V175RTKa40IzN/frZzrmLy8APWx6y2Hw2ReusUVT:ZCoKRNa4V175RTKn0IzN/fILy8APWx6P
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  riptweakcracked/locales/bn.pak
- Size
  
  291KB
- MD5
  
  be160a93d35402ed4f4404f2b1d05d95
- SHA1
  
  52db7af673b6e5318e6663751938dbbce4f6280e
- SHA256
  
  a40148129ff88aff0ea269ef3ca4fb369e772257655d27dfa29f078270486287
- SHA512
  
  c2d2c4a2e24fdeeb22dadfa63ee8338efe8a5f08e17c3eb0e9a946098c57ba675c8ca5c73c04424e8307d9be60f9263553e8268f4815c73d081205fe8a92c8f3
- SSDEEP
  
  1536:OkH1yASb4xVdGcnAfrp9KJ3bJr98JMgE2fpwuDuI9KZ3IlzmhG1A+qSvuA3Szc:OkVrxXG+Sy3bJW
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  riptweakcracked/locales/ca.pak
- Size
  
  140KB
- MD5
  
  8fc109e240399b85168725bf46d0e512
- SHA1
  
  c42c1fc06b2c0e90d393a8ae9cebcdd0030642e5
- SHA256
  
  799ac8c1fa9cdd6a0c2e95057c3fc6b54112fe2aebbb1a159d9dac9d1583ca62
- SHA512
  
  84a51f291d75b2d60849edbc1958a50cfe2ac288ce716bf4827038b47bd855a65d04ebcef6f92d78e31a27daa63f07772149798740652078e27ec68930ec07dc
- SSDEEP
  
  3072:Y1yZNTtAaCcg4H65rKoMVhoVFBL8lmoT69Q1H7O/RjbNO5ufzwXi3Sk75CU/XlH7:72ZcgNoF0O5hXi3Sk75CU/XdFtXfjt+O
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  riptweakcracked/locales/cs.pak
- Size
  
  143KB
- MD5
  
  df23addc3559428776232b1769bf505e
- SHA1
  
  04c45a59b1c7dce4cfabbac1982a0c701f93eed0
- SHA256
  
  c06ac5459d735f7ac7ed352d9f100c17749fa2a277af69c25e7afe0b6954d3c0
- SHA512
  
  fceca397dfc8a3a696a1ba302214ab4c9be910e0d94c5f8824b712ec08ff9491c994f0e6cfa9e8f5516d98c2c539fa141571640b490c8dd28b3a334b0449bdd8
- SSDEEP
  
  3072:7YpZ+KPzo3zO1J+17fbYR12ly9g+5X/F/0L8QGF1:M/+PzOvL2ly1F/O8QC
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  riptweakcracked/locales/da.pak
- Size
  
  130KB
- MD5
  
  875c8eaa5f2a5da2d36783024bff40c7
- SHA1
  
  d0cba9cfbb669bbb8117eee8eccf654d37c3d099
- SHA256
  
  6ee55e456d12246a4ea677c30be952adfb3ab57aca428516e35056e41e7828b5
- SHA512
  
  6e17692f6064df4089096aa2726eb609422b077e0feb01baaa53c2938d3526256c28fb79ef112164727202cdd902aae288e35cf894c5ef25fecd7a6efa51a7e5
- SSDEEP
  
  3072:qYeFbj8CjaMRZ2zOnX+5MTkdRWwIGYZJx:qYeSNMRkzOnX+WWRWw2
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  riptweakcracked/locales/de.pak
- Size
  
  139KB
- MD5
  
  5e7ea3ab0717b7fc84ef76915c3bfb21
- SHA1
  
  549cb0f459f47fc93b2e8c7eb423fd318c4a9982
- SHA256
  
  6272ed3d0487149874c9400b6f377fec3c5f0a7675be19f8610a8a1acb751403
- SHA512
  
  976fb09b4a82665fbf439fa55b67e59aeaa993344df3f0d1926a82fb64d295bbe6fd77bb65e9f2267d98408e01166dd0c55c8ec7263ed74b3855f65dffc026ed
- SSDEEP
  
  3072:eMTzAYItWj63Yp8tKgA2dN5N4hlOgxjT+:nnATtKuB4ygVS
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  riptweakcracked/locales/el.pak
- Size
  
  249KB
- MD5
  
  7dca85c1719f09ec9b823d3dd33f855e
- SHA1
  
  4812cb8d5d5081fcc79dbde686964d364bc1627e
- SHA256
  
  82b3fbbdc73f76eaea8595f8587651e12a5f5f73f27badbc7283af9b7072818c
- SHA512
  
  8cb43c80654120c59da83efb5b939f762df4d55f4e33a407d1be08e885f3a19527ed0078ab512077604eb73c9c744c86ec1a3373b95d7598bf3835ad9f929d67
- SSDEEP
  
  6144:ALKSCi5b9F/kDuKxYxbt5I6ROl3+pSb3//zFMeF+fx2hlA66rOw5YlXSWzG:VSCi5b9F/kDuKxYxbt5I6ROl3+pSb3/k
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  riptweakcracked/locales/en-GB.pak
- Size
  
  115KB
- MD5
  
  db946e28e8cd67fc45a317a2d22943d3
- SHA1
  
  0e096f66915f75d06f2ec20eae20f78ad6b235e7
- SHA256
  
  7eb6af7620593bdd33cf4a6238e03afbf179097173cbfffdada5b3e25b8f0bbe
- SHA512
  
  b893650000f463c1f3807f1feae3e51664e42ec10c1a5af7c08970163d5188f1f9ffcc5e82fe2209c78d8b4fc2feba050abec4c44d1eb122cd42fcc14a8b1c3f
- SSDEEP
  
  3072:O9ch9d5mCOmjQK6rFfBNgizJdLIeqij3ggl+1j:kchT5mCer5Vc
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  riptweakcracked/locales/en-US.pak
- Size
  
  115KB
- MD5
  
  f982582f05ea5adf95d9258aa99c2aa5
- SHA1
  
  2f3168b09d812c6b9b6defc54390b7a833009abf
- SHA256
  
  4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d
- SHA512
  
  75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78
- SSDEEP
  
  3072:M/WTHfDS2harrWBNgmHJztK3IF3ggl+Scwh:M/WTHmrRYQwh
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32