Overview

overview

10

Static

static

10

70636c3fd3...1e.exe

windows7-x64

10

70636c3fd3...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    70636c3fd3bdab42234e249084ebada003015df3d943b9d9e3c3cf61dd057e1e

  • Size

    3.9MB

  • MD5

    c52d4fb4a49b05a1f665d2b9a4bb42ad

  • SHA1

    4165fc93089a1b3517088db400963df219af05d3

  • SHA256

    70636c3fd3bdab42234e249084ebada003015df3d943b9d9e3c3cf61dd057e1e

  • SHA512

    a312ede14b3a771d75de0060a7bb8c97787d99114a828cb8b98d734463bc0ceb365b1677f3e1a3936c24439e5436451c11335f3f3f3d5f1138e4da28f6aed557

  • SSDEEP

    98304:vjmtk2aw3jmtk2aH3jmtk2az3KK3dyaXXNJDWjBKUoLIkPeB1LnPnqn9:v+h3++3+y3b3rXXNJDGiLIkGB1zfk9

Score
10/10
neshtaxred

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Detect Neshta payload 1 IoCs
  • Neshta family
    neshta
  • Xred family
    xred
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 70636c3fd3bdab42234e249084ebada003015df3d943b9d9e3c3cf61dd057e1e
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections