Overview

overview

10

Static

static

5

db69f19879...85.exe

windows7-x64

db69f19879...85.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06303600a3a44eb2fbce248eb0fe9fc1.bin

  • Size

    4KB

  • Sample

    250104-bct8xaspay

  • MD5

    96ce905457ed2bf685698dded305c441

  • SHA1

    4fd1bb609d1f5202d84dbc967c5b028fe5ca5e76

  • SHA256

    6701a7622b891288246ed09789f30ee54f6046a75b3ad7f1de3b31ab00a2d63f

  • SHA512

    8d882b2b206198e82ac3ee9863d626108ac99c99b57c8e46345cd4be2ed6121fda01e43858136e0d59329bb7c425805402a9bb386fbd813a6e6e12dc9fb84296

  • SSDEEP

    96:Qf9P60RDzSNfJM84/mAKIT3nBYvzX/lnlEM2bZ86wrm69T19D+LVer0Byz:2PjSfq8v4TUvzgzwr9T19aLMYq

Score
10/10
xredbackdoordiscoverypersistenceupx

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Targets

    • Target

      db69f19879e131fd35e882606148335c6dcb26cbea650d394ba519d76c57bb85.exe

    • Size

      6KB

    • MD5

      06303600a3a44eb2fbce248eb0fe9fc1

    • SHA1

      ccfb720a50808469da5d67eea306d08f51e11538

    • SHA256

      db69f19879e131fd35e882606148335c6dcb26cbea650d394ba519d76c57bb85

    • SHA512

      b135f23760aba312cb0c0cab697d2ec4f735f5cad9011d3b11310eb9cc59f65c4ffdc757e4f39bdcf6c8abb3badb6865301ffd5ed817c1251b6ecabe21f17df9

    • SSDEEP

      192:DfaOBqbo/qmA2LEnrtDINynT+vCgcJXB:OOY8tLqltJXB

    Score
    10/10
    xredbackdoordiscoverypersistenceupx

    • Xred

      Xred is backdoor written in Delphi.

      backdoorxred

    • Xred family

      xred

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks