General

  • Target

    019fc60427d0126adfec88980c7fb666.bin

  • Size

    1.2MB

  • MD5

    40530541ded49b065383d6afcf88c809

  • SHA1

    34969fac55cae989df0966c63e76724da309e4a1

  • SHA256

    e227c79a19465be89c9d2221f9c6f7c65f5ae410386e0b622d07f20b932951c7

  • SHA512

    4b218e586ce446ae2a74a1b4c797c5fd5f5d937240d3f31780e232863e1ab78e47a79a6dd953e591f18a64cd663bc32b546ddaf433600f566dec00657b523a93

  • SSDEEP

    24576:j+zi8vzD7dSsjBaOWK/Gbm77zs+j6hZ7xteZjgMwvqK4lU1Y5j:jwDhSXOj/G6Hsd37DeZji4lUO1

Score
10/10

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    xredline1@gmail.com

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 019fc60427d0126adfec88980c7fb666.bin
    .zip

    Password: infected

  • 6bf3a9c47d0dc7cbde76eb4dbd81f9fcac54f64d7bf907ff952438503d8588b6.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

