General
-
Target
0a7aa19b240796b21933cc872acd9c5384680a52c119ce339a19b6b15ecc3d84N.exe
-
Size
1.6MB
-
MD5
8bc5854846987dbb5557fd5864581fb0
-
SHA1
246f74f7703d9ca56c5c8480374d584bb8971c45
-
SHA256
0a7aa19b240796b21933cc872acd9c5384680a52c119ce339a19b6b15ecc3d84
-
SHA512
b5ab94002baa69de118c0677fbbc7ff15e95779fa80c5424f83a106eea3d418db17937b48e440c865f460d562d2597255266527c886a88845cd3908ea9cfb601
-
SSDEEP
49152:snsHyjtk2MYC5GD7Zkg6Yf5/pFFFOhKMdDBY:snsmtk2acZkg6YBhFFFOhKMdW
Malware Config
Extracted
xred
xred.mooo.com
-
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
http://xred.site50.net/syn/SUpdate.ini
https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
http://xred.site50.net/syn/Synaptics.rar
https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
http://xred.site50.net/syn/SSLLibrary.dll
Signatures
-
Xred family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
0a7aa19b240796b21933cc872acd9c5384680a52c119ce339a19b6b15ecc3d84N.exe
Headers
Sections