General

Target: Bootstrapper.exe
Size: 1.5MB
Sample: 241208-zhk47atpe1
MD5: d4a03084464e8fc23beea44ad84d065f
SHA1: 9db22b5630e09a42898ef2da5df0a745886bc912
SHA256: 5154019f133eb1d0673898bd2751222c5c540f0575b40e22ae24be1e5dd03d6b
SHA512: ee9e0d4c32443e4bed9da30d07812270c96b2e54a8c1e1bfffbcf746617c9366dcc87ec9004da3d6d5fac94a864ccdf890d4b6e65d74610a46f24c6b8d6d0caf
SSDEEP: 24576:ynsJ39LyjbJkQFMhmC+6GD9O+ubYHYqRoAQpjFVG0HXqlF4u4:ynsHyjtk2MYC5GDauoAQpjGPl4
Behavioral tasks

behavioral1
Sample: Bootstrapper.exe
Resource: win7-20241010-en

behavioral2
Sample: Bootstrapper.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: xred
C2: xred.mooo.com
payload_url:
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
http://xred.site50.net/syn/SUpdate.ini
https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
http://xred.site50.net/syn/Synaptics.rar
https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
http://xred.site50.net/syn/SSLLibrary.dll
Targets

Target: Bootstrapper.exe
Size: 1.5MB
MD5: d4a03084464e8fc23beea44ad84d065f
SHA1: 9db22b5630e09a42898ef2da5df0a745886bc912
SHA256: 5154019f133eb1d0673898bd2751222c5c540f0575b40e22ae24be1e5dd03d6b
SHA512: ee9e0d4c32443e4bed9da30d07812270c96b2e54a8c1e1bfffbcf746617c9366dcc87ec9004da3d6d5fac94a864ccdf890d4b6e65d74610a46f24c6b8d6d0caf
SSDEEP: 24576:ynsJ39LyjbJkQFMhmC+6GD9O+ubYHYqRoAQpjFVG0HXqlF4u4:ynsHyjtk2MYC5GDauoAQpjGPl4
Score: 10/10

Signatures
- Xred family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
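The hash fields and the extracted payload_url list above are the indicators a responder actually works with. The following script is an added example, not part of the sandbox report or of any Xred tooling: it recomputes the four reported digests for a local copy of the sample and checks them against the report, turns the payload_url list into host, filename and DynDNS-record indicators, and runs those indicators over a few constructed proxy-log lines. The log format (timestamp, client IP, URL, status) and the sample lines are assumptions made for the example; only the hashes, hosts, filenames and the `sha` value in the freedns.afraid.org URL come from the report.

```python
"""Triage helpers for the Bootstrapper.exe (Xred) report above.

Added example, not the sandbox report's own code. Standard library only, no
network access: hashing is done on local bytes/files and the URLs are parsed,
never fetched.
"""
import hashlib
from urllib.parse import parse_qs, urlparse

# Indicators copied from the report above.
REPORTED_HASHES = {
    "md5": "d4a03084464e8fc23beea44ad84d065f",
    "sha1": "9db22b5630e09a42898ef2da5df0a745886bc912",
    "sha256": "5154019f133eb1d0673898bd2751222c5c540f0575b40e22ae24be1e5dd03d6b",
    "sha512": "ee9e0d4c32443e4bed9da30d07812270c96b2e54a8c1e1bfffbcf746617c9366"
              "dcc87ec9004da3d6d5fac94a864ccdf890d4b6e65d74610a46f24c6b8d6d0caf",
}
C2_HOST = "xred.mooo.com"
PAYLOAD_URLS = [
    "http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download",
    "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1",
    "http://xred.site50.net/syn/SUpdate.ini",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download",
    "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1",
    "http://xred.site50.net/syn/Synaptics.rar",
    "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download",
    "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1",
    "http://xred.site50.net/syn/SSLLibrary.dll",
]
# Shared hosting providers in the list: blocking the whole host is not an option,
# so hits there are only counted when the path leaf matches a reported filename.
SHARED_HOSTS = {"docs.google.com", "www.dropbox.com"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests in one pass (sample is 1.5 MB, but any size works)."""
    digests = {algo: hashlib.new(algo) for algo in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def matches_report(hashes: dict) -> dict:
    """Per-algorithm comparison against the report; a real match has all four True."""
    return {algo: hashes.get(algo, "").lower() == value for algo, value in REPORTED_HASHES.items()}


def network_iocs(urls=PAYLOAD_URLS) -> dict:
    """Split the payload_url list into hosts, dropped filenames and the freedns record id."""
    hosts, filenames, dyndns = set(), set(), []
    for url in urls:
        u = urlparse(url)
        hosts.add(u.hostname)
        leaf = u.path.rsplit("/", 1)[-1]          # e.g. "SUpdate.ini"; "" or "uc" are skipped
        if "." in leaf:
            filenames.add(leaf)
        if u.hostname == "freedns.afraid.org":
            q = parse_qs(u.query)                 # {'action': ['getdyndns'], 'sha': ['a30f...']}
            if q.get("action") == ["getdyndns"] and "sha" in q:
                dyndns.append(q["sha"][0])        # the record id the sample asks the API to resolve
    return {"c2_host": C2_HOST, "hosts": sorted(hosts),
            "filenames": sorted(filenames), "dyndns_sha": dyndns}


# Constructed proxy-log lines (assumed format: timestamp client_ip url status); not from the report.
SAMPLE_PROXY_LOG = [
    "2024-12-08T10:01:02Z 10.0.0.5 http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 200",
    "2024-12-08T10:01:03Z 10.0.0.5 https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 200",
    "2024-12-08T10:01:09Z 10.0.0.7 https://www.dropbox.com/s/abcdef123456/quarterly-report.xlsx?dl=0 200",
    "2024-12-08T10:02:11Z 10.0.0.5 http://xred.mooo.com/ 200",
]


def hunt_proxy_log(lines, iocs=None) -> list:
    """Return log lines that touch a dedicated Xred host, or a shared host with a reported filename."""
    iocs = iocs or network_iocs()
    strong = (set(iocs["hosts"]) - SHARED_HOSTS) | {iocs["c2_host"]}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        u = urlparse(parts[2])
        leaf = u.path.rsplit("/", 1)[-1]
        if u.hostname in strong or (u.hostname in SHARED_HOSTS and leaf in iocs["filenames"]):
            hits.append(line)
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                        # python xred_triage.py Bootstrapper.exe
        print(matches_report(hash_file(sys.argv[1])))
    print(network_iocs())
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG):
        print("HIT", hit)
```

Run it with a path to a local copy of the sample to confirm all four digests agree with the report before acting on it; the Google Docs and Dropbox entries are deliberately not treated as blockable hosts, so a hunt over real proxy logs should key on the dropped filenames (SUpdate.ini, Synaptics.rar, SSLLibrary.dll) and on the dedicated hosts (xred.mooo.com, xred.site50.net, the freedns.afraid.org DynDNS lookup).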