General

  • Target

    1fa2194e4e59da63cccdb898081fe94e3eebb512171e37b1fcef2103778c833e.exe

  • Size

    793KB

  • MD5

    cda6d965e5022de8afd75fdfedb2bdd6

  • SHA1

    570a763b04f13ee32d244811cfa44bfc9e96831a

  • SHA256

    1fa2194e4e59da63cccdb898081fe94e3eebb512171e37b1fcef2103778c833e

  • SHA512

    6b4482f9c8a87c1c49cc95030d141ea73cf48d3447a79595c18f787327017ab4eedb3b50db3cf5ecefddacd0c2a8eba6cf74e54a049391d3c366f8b3cd320c70

  • SSDEEP

    12288:mMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9T2REnT:mnsJ39LyjbJkQFMhmC+6GD9yRET

Score
10/10

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    xredline1@gmail.com

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1fa2194e4e59da63cccdb898081fe94e3eebb512171e37b1fcef2103778c833e.exe
    .exe windows:4 windows x86 arch:x86
