Overview

overview

10

Static

static

10

d9208fb65a...59.exe

windows7-x64

10

d9208fb65a...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c5dc3d854163db3f05e69da8c482963.bin

  • Size

    5.2MB

  • MD5

    9497dfa1e71889e11ac2bb056dd41cae

  • SHA1

    b22496954427db4972e567d7ef1884994806afd8

  • SHA256

    f5485ee25c93f2e5cc86c9e1d2c4d1eadbff308d76abbc0b06797610215e23d2

  • SHA512

    15f875877fb8b6756f3570402ccd0e44a9a555b2c7d602890f5d6d3ee209e836cd5602ae496e57d1d84b6a5c12d3181b6d4f0e8e03c62cd321efe21eea602d36

  • SSDEEP

    98304:NP7iaYM6hieMexIKAM9QzZxf1C3k3i67tNjDubutcRf3MD3t:vYBhiTjU9wxflNapcjt

Score
10/10
xred

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
    xred
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0c5dc3d854163db3f05e69da8c482963.bin
    .zip

    Password: infected

  • d9208fb65a6bd0364e830e1ff3689b07724d34dca35f5e9cd0c457278675eb59.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected


    Headers

    Sections