General

  • Target: xred_bkdoor_dropbox_20277974499.zip
  • Size: 3.9MB
  • MD5: 99c1889afbd57f73bb3f333442c3f3d9
  • SHA1: e3ab1f4724ba6f29594d147b48b91b038371298e
  • SHA256: 5826c49ee8093a997df75d2bcc05f8996e11a66fd9e4f6d3c65afa39feddeeab
  • SHA512: 9e62bf7b4be1129579edab5a6105714f17678fd780b2ebaca432fa7d224ef1e9787457d71fa96aaaac4d9ca35b9a0696190e38c4af55fa0649ff6e4f68c0336f
  • SSDEEP: 98304:P4ydvlJUjjYXmAmkKhLQJ0548NqwFzzyq4oyFmn9+urd:BfUKVmDfe/oyQl

Score: 10/10

Malware Config

Extracted

  • Family: xred
  • C2: xred.mooo.com

Attributes

  • email: [email protected]

  • payload_url:

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • xred_bkdoor_dropbox_20277974499.zip (.zip), password: infected
  • 00029a8f1d571f6bbc96cc5c648e781f8ef550d26ceb899fe19e6b0733bab1fd (.exe, windows:4, windows, x86, arch:x86)