General

  • Target

    00ac7933298f2eee93f957b0a29baae4910d76082979bbdec98d473fe22fb157N.exe

  • Size

    2.6MB

  • Sample

    241217-nh9a8sypgj

  • MD5

    e592810165c413a22970f95e3119f340

  • SHA1

    50eb701d2420faecf6ded9f335eaee7f6d891322

  • SHA256

    00ac7933298f2eee93f957b0a29baae4910d76082979bbdec98d473fe22fb157

  • SHA512

    2ecf41d455a1db7182b6f2a0a63ff3d76b1bdfef00c9a564bc08accf58c95337e19f2ffce9a2cd07be04120cac4dce917b496af60c4f534360e1bddbbe14933f

  • SSDEEP

    49152:wnsHyjtk2MYC5GD++xIXVqMlQ9BxMRW/R49SPpB7vxhotliTQo4yfGw5A2V:wnsmtk2aLLlQzuW/R49SPpDQo4yfGc

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    xredline1@gmail.com

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Targets

    • Target

      00ac7933298f2eee93f957b0a29baae4910d76082979bbdec98d473fe22fb157N.exe

    • Size

      2.6MB

    • MD5

      e592810165c413a22970f95e3119f340

    • SHA1

      50eb701d2420faecf6ded9f335eaee7f6d891322

    • SHA256

      00ac7933298f2eee93f957b0a29baae4910d76082979bbdec98d473fe22fb157

    • SHA512

      2ecf41d455a1db7182b6f2a0a63ff3d76b1bdfef00c9a564bc08accf58c95337e19f2ffce9a2cd07be04120cac4dce917b496af60c4f534360e1bddbbe14933f

    • SSDEEP

      49152:wnsHyjtk2MYC5GD++xIXVqMlQ9BxMRW/R49SPpB7vxhotliTQo4yfGw5A2V:wnsmtk2aLLlQzuW/R49SPpDQo4yfGc

    • Xred

      Xred is a backdoor written in Delphi.

    • Xred family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
