xred

Sharing

Copy URL

Twitter E-mail

General

Target

OxycoRat.zip
Size

162.5MB
Sample

250104-ra5jvssmbx
MD5

bb4c5e6d89b79800527825af849eba33
SHA1

3f2fbab19e348d3c104f941139c1e780b0062d9e
SHA256

f597e857bd8ed3adb8d0fca17be02ac87696b3dd03c1ba5bd66367e067161fa0
SHA512

579e470809377ae0f19ca334fffc6531765660edc23482a791add7ce22d1e346e9e63d980cf60ea802e52f9e29722cdbcf175a3d3a6bdd5215dd876349da561a
SSDEEP

3145728:KaReFiYxpgByVWJ/pUtblFSUfEybOGsDHBuJCpUtbD+D4rlrfXB:r4rpgBhOTxfn9q5OsOlrfXB

Score

10^/10

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Targets

- Target
  
  Modules/ffmpeg.exe
- Size
  
  29.4MB
- MD5
  
  f25eef8a89531e8a78340b2a682d6047
- SHA1
  
  a3d495987c8fad02b828475020904aedfd2c92ca
- SHA256
  
  1abee4a7dbe8f624290054c14ef7b58db19e93df976c2adb8ff4bd20974c3a78
- SHA512
  
  28f0f857299655be4e5badd4f044156935f0f60256127e6e8bf1341728d895ec619e8ebb543e1b971e1046f1308242aa9105365bd0a5a1eba432c3c4cf21a115
- SSDEEP
  
  393216:eUubj/bPa0l4tk5vDJS81QhKloaXu1xsBsmpe+k:ej/O0l4y1r+Xo
Score

3^/10

discovery
behavioral1
- Target
  
  Plugins/sqlite3.dll
- Size
  
  171KB
- MD5
  
  744dcc4cbbfbb18fe3878c4e769ec48f
- SHA1
  
  c1f2c56ee2d91203a01d3465f185295477a1217d
- SHA256
  
  33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
- SHA512
  
  706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
- SSDEEP
  
  3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb
Score

5^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  Users/realme 11 Pro 5G/14451.apk
- Size
  
  6.2MB
- MD5
  
  e2bf29248eec138a13308a7468d24328
- SHA1
  
  e733ef650b35dbc7c2fd397b6f7b115600f54f2a
- SHA256
  
  aa9d9e70c3991232e6badb50755d57cd252bca4315e03a0b2f3533b699699caa
- SHA512
  
  faab5a439be0ccab8439e4cc7a4cd244f99a968cc9358531a2d81fcae199dc328d0b97af3a17376b3c85d588e72bcfa2cb6317ecb1906a2b0998aec71ef8269b
- SSDEEP
  
  98304:EzBfIzfrvVXJhUNR5TgThyJjlRw0D4sn69/KqroTVXnBLEc/uEW4ceCH58TSTJy:EzRiLUNPgAlnEDUTLE9eCH3o
Score

3^/10
behavioral3
- Target
  
  res/Lib/7z.dll
- Size
  
  1.2MB
- MD5
  
  34738b1b326c7f65d365a5b33e045662
- SHA1
  
  54f86f6d3b5d96584d6d2a76023f3522e09706fe
- SHA256
  
  4d61796b499a4177b03e8e36778ec57293bebbf26412c69e19d3248602a2bb8a
- SHA512
  
  134faa16f9913d4cfdfb8efdc9cdda6ff6907016e0f46e3f72792cbc183a688fab0484f251efa562639a75582e380b099481d79d6324e5aded0a8041492414ce
- SSDEEP
  
  24576:XXm+ENgUCp+R3RuC2HhS6yR1xF2rH8W7f3z9L/SDidq2:HX7cRuC2Q6S36DJuKq
Score

3^/10

discovery
behavioral4
- Target
  
  res/Lib/7z.exe
- Size
  
  1.0MB
- MD5
  
  c90af375bc40d0506c16b4ed75efccb6
- SHA1
  
  cd29f79b128ba67bc30e44e7a0365c5ffd3be376
- SHA256
  
  c6e3aa8b8b76b9e3b9df71b3f31d1b7a23f2a031099aceb68c39f38945b65dc0
- SHA512
  
  f0f9e9f6d92ebf20a5303be38e41f66fd052141f04db14ad1d30c974a4e4e70abd51340fe92658563bdb6a7587d9117883241de5bdd123a6e259123869dbabaa
- SSDEEP
  
  24576:xnsJ39LyjbJkQFMhmC+6GD9P377SqLk2JC5RzHl:xnsHyjtk2MYC5GDR77k2OHl
Score

10^/10

xred backdoor discovery persistence
- Xred
  Xred is backdoor written in Delphi.
  backdoor xred
- Xred family
  xred
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral5
- Target
  
  res/Lib/ApkEditor.jar
- Size
  
  2.9MB
- MD5
  
  2a86a4e2a358bdef45ebdb9b1ad217b6
- SHA1
  
  6f1474287e6e6f4b1264e48eda8b88dfb7b7a47f
- SHA256
  
  6bcda26492a031fc63b0d0f7b6b4590ef5017cdecc134ee9768521b03833fe00
- SHA512
  
  1e4eec08a13e72567bd2e565ddf08a17d098e470280a057c8d4c31cfd501482fe7e381364f456a31cad1b0dae69e85140111e776bbd4b95c0a450d7d7f82baa0
- SSDEEP
  
  49152:R5DHKV0tkwisQD+Dt+C4e/4sLbTJ8Jxi18ZqByspA7P41Mwsw3Ga:Lz00tkw9Qa+BegsLbS3ksP4Nn3h
Score

1^/10
behavioral6
- Target
  
  res/Lib/aapt.exe
- Size
  
  2.3MB
- MD5
  
  380095ec86872cfcab1e1031a16e4750
- SHA1
  
  bd5b040d47d16b7847174f9a5ce88732c87aa400
- SHA256
  
  7f79865298d3abf371d496a29ad9ae1176d52cebd1635d05ef6d87fb770a6989
- SHA512
  
  7aea4411b7892701dc31a980df8b0331804e3206f72dff5f8dba940b4e6250e85181a6c66b78112ba5c835947b223db81f19443f0fc4292d1e605872d1a47201
- SSDEEP
  
  49152:ZnsHyjtk2MYC5GDMPNjtbkZdmFxzKyfMKiTYQ0QQQKXQQQQQQQf0Qm:Znsmtk2apNjtQZ8Pfz
Score

10^/10

xred backdoor discovery persistence
- Xred
  Xred is backdoor written in Delphi.
  backdoor xred
- Xred family
  xred
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral7
- Target
  
  res/Lib/apksigner.jar
- Size
  
  968KB
- MD5
  
  16c82bdd120d4b5803deafd3550afa5f
- SHA1
  
  c1e0626fe98fdbe2f1d483f99664ec957f44f891
- SHA256
  
  ba13fc4122f3c8ef23eed76e13792b033fd0506de90ec3ff1e5773e383eb6f15
- SHA512
  
  9918a24392d397a64f39489dba1c73b1576ff1e6bc2c302f3fd7bb037b9f42f620ee90c12ebb625e927543e3163fbc47bcf99c93fde6deb0b9376e171f792bea
- SSDEEP
  
  24576:5hCPzWIgo1IhgOBAxoBSTNDGbe48+mrmCJprmhBK5I:5hCbW6jAAks7R6OohBK5I
Score

1^/10
behavioral8
- Target
  
  res/Lib/apktool.jar
- Size
  
  19.1MB
- MD5
  
  361f0c97e34aa93c7c1d8aa3e4828f69
- SHA1
  
  f19cead377b1db01b2c7e1348aebb40e071ec548
- SHA256
  
  bc2b9a87ac5a86905b6ca343c21a0db3bc37bdd51154bc9cdf65523d95895d34
- SHA512
  
  3cab65fe5cdbcc072f486281cbc1efde84eb0ecb5db52bd633c07640bf3f09fb79861df303e9c569f1399aa307226545ff0973039c31c3934a70890c6af5f48e
- SSDEEP
  
  393216:CkyM3Zw9Rt5P66rAHKFNn514GWU/zgY6tKJzlWhkvOS4eSa:CHoA5AKF7zR/t6tKF+iSa
Score

1^/10
behavioral9
- Target
  
  res/Lib/junk.smali
- Size
  
  566KB
- MD5
  
  07daa56c012827a2ca40b03e8d3823c6
- SHA1
  
  484e0da731ccf4da4e7a52a73c53f70bbb0e1b21
- SHA256
  
  d7afac3ee30c639badcbc6b75a9a95222a6e519d53635a4c398fedc7546f4c56
- SHA512
  
  29b6879655eb818ec65cb16927a8f2d36a4384a55fb63dbe8de349430ff63757309dda5eaef20ddf43acab6806260c9723da540a86743616e8993edb1532fe4d
- SSDEEP
  
  12288:VilFY7VZ8EuJeio/CgCPK28VB081Em7zhZGIklwkLyXbWQs:gn
Score

3^/10

execution
behavioral10
- Target
  
  res/Lib/libaapt2_jni.dll
- Size
  
  4.5MB
- MD5
  
  e84804160656ee1f7038a7a6fc1da82a
- SHA1
  
  05b1f548c81cfd6e61e5828db80511ffb8df690d
- SHA256
  
  a439a9bc2981c5f11a2bb75578f66f2b5b6afa328af05f8139321ddfe8322fad
- SHA512
  
  ee2780d87bb801ef02f82427aecf0de2c7c496dbd4024edc5ca8d1db393c669b3cb6e263470b38811d905f0bdc7a9f3649d467082e1135710837add13fcddeae
- SSDEEP
  
  49152:pqwBh9NbCoGOf3hglVHqyl47Gjt97AQTUVC2q7VgMbryS41CELpm1fUJ65PI6aPA:pUoGOPavHqyv7qaYCYCp
Score

3^/10

discovery
behavioral11
- Target
  
  res/Lib/libwinpthread-1.dll
- Size
  
  76KB
- MD5
  
  89c36848e4e5b4b1f38d54ce286f8c77
- SHA1
  
  91bcff0258201826a77615bdad7d7315b0885af4
- SHA256
  
  3f41452eb1e3aac78fd29e83a530154ff8ae66f2e70a9d54b92ed49b57cdf2fe
- SHA512
  
  dde9b72c1396cfdcc74a22989cc10e367cd03b9abee474d647272f6c8e8aa2a6b868804c335bc2773a5e3ba66dd390e7dabe78344b5839c06315b04cc62a5a2d
- SSDEEP
  
  1536:dj+7MrgyymQhXeVt3UcffVrl9jETRopN655HhUoEi1zuRvwHd541wQ04Mim3YCgb:dj0MrMmL30TuauRvw921wQ0Pim3YCgma
Score

3^/10

discovery
behavioral12
- Target
  
  platformBinary32/bin/JAWTAccessBridge-32.dll
- Size
  
  15KB
- MD5
  
  ccd58c430a0049dc247d47abe2b07154
- SHA1
  
  8b0ed098ad4e52244e18582fc0fa20fdb3cf9041
- SHA256
  
  2e2019435694b89a7ef49ab75cf291278417bff384b814da1e451285cb8d64c1
- SHA512
  
  6401a133638b399eea66005af81e5eee0acb384927b79c4c241d2c97a731a384ec567649a3a2b0a5163a3c9ddf1a2ee3402660a0c4f87b9ce4a2d172e9f133e9
- SSDEEP
  
  192:TcdMm5Y8m3XLPVT65smse6ziuK7DWpHTyFonI7CY0ouasnZHSF:iMOa7PVHm4ziukDGyonxLPnhy
Score

3^/10

discovery
behavioral13
- Target
  
  platformBinary32/bin/JAWTAccessBridge.dll
- Size
  
  15KB
- MD5
  
  18a83919deb33b572e42b08000e362a1
- SHA1
  
  24cf5bdc5d6d50d5fed3f0cd7bfc401387c0ea00
- SHA256
  
  4227bc0f4ca568c8bb84cb01705ecad235826297a4b942cd56f2f2a3cfd882c1
- SHA512
  
  b126e3a03739b84ea45ec51f259906d8e2d0b6bbf351382739aa2f65a7a168028e4cd1e1335c4e7ab8ef09a65f20a89722ec695e0fef9e5c69db17d3084b0027
- SSDEEP
  
  192:VqcdMr5Y53XLPVT6ts6a5e1HVuurDWpHTyFonI7CY1duasnZHmR:VJMNW7PVp6THVuMDGyonNPnhw
Score

3^/10

discovery
behavioral14
- Target
  
  platformBinary32/bin/JavaAccessBridge-32.dll
- Size
  
  126KB
- MD5
  
  d382150d3dbfe4752fbe2ee23f10f1c9
- SHA1
  
  d482e342b8f20d6b5c249ecfa0dd6ab95514f32d
- SHA256
  
  10380aabe130ebb62ecf3d09620e8e15fd2335a1ea2faf74c41d057d9e06eee4
- SHA512
  
  72099a0599fd15f4ede5d295cc2e478fa6cd9a7a820f801fd55e634ce03a0cb002471d77329b0d74a72ab964ec8475342f29aeb3b709f0d08d58503dc9fdea2b
- SSDEEP
  
  3072:kvAznTOzUca38u4nSK/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mf:kvcwUca35BZnQvw
Score

3^/10

discovery
behavioral15
- Target
  
  platformBinary32/bin/JavaAccessBridge.dll
- Size
  
  125KB
- MD5
  
  8fb0d7aa10d26f3e64dd97e1e0373356
- SHA1
  
  9e985ba111d6ce33e582ccf00bb618437402ce16
- SHA256
  
  d8f4728c6a835509cd5a26bdcd248b4176127c5b62f914da9e8a060b354cca73
- SHA512
  
  d44de642eb3db09fb521d9445ac873cbfd97c8560754fd0832454bdf031d29571716579914d1ad2ae6a218a5bd4f1dd9a38736ac392d7144ff41c5bb88556103
- SSDEEP
  
  3072:IpVJG+7UHP/g791fU+MExgK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8Shzzk:IHU2Uv/W99U7xZnwsr
Score

3^/10

discovery
behavioral16
- Target
  
  platformBinary32/bin/WindowsAccessBridge-32.dll
- Size
  
  97KB
- MD5
  
  a344973ef854091e2f66168f95818140
- SHA1
  
  9402e4e5b17c11459cb19631ae25b2026ef22829
- SHA256
  
  bc18778df9b32a4dedd8c9a98908be58989a256d1b241aa0a1dec08113a7750e
- SHA512
  
  80482e45bf70d34664dc9d6ac1ebf1feb41fff08614df69cd0d200d2c489a31504f017c371542f4678f4ffa4d8a2db91cd12a3656ebe4d92ab6da37cbf268786
- SSDEEP
  
  1536:BRQLZsRXloJQrrUQ+1oIiYlM/qNX8cCkxTVPXIecTaN80nstj:B31loJQrIQ+EYlMiucbpIecudsd
Score

3^/10

discovery
behavioral17
- Target
  
  platformBinary32/bin/WindowsAccessBridge.dll
- Size
  
  95KB
- MD5
  
  3de11b70769b2029c69bb72e054976e2
- SHA1
  
  c7f60a0c9e22189b496cee19a038521c257a4d9a
- SHA256
  
  eceadccbe120bbe6fd265fe6b19be43148ab0eda663dd866fd8db764a4cadd22
- SHA512
  
  e0d4f3188e6c360676c781f13637f7bf7629cad690846a59210152d5c0d4b4bf4aec87a69befb771dc2f5eee92d1aefd19d3bebea7cb9020e29f1574853d2a17
- SSDEEP
  
  1536:P1LbpRSr0L5fk61kcB2iY39wqwXIA2kUnXbIXp8Whyj8Fk3W:/R9lk61kwY39zTA2bIXlwQFkm
Score

3^/10

discovery
behavioral18
- Target
  
  platformBinary32/bin/apktool.bat
- Size
  
  135B
- MD5
  
  b02966b106045115fa8ef94a4e67537b
- SHA1
  
  f901df8bbfe8fe50e560e625a27da1c6c4f0e9b3
- SHA256
  
  3d8108beb40535e68e7f6421a4309408ea5efab91707fa25d862154e3cc9b6df
- SHA512
  
  6274a4568285c74985b095d1dd5649044b61cb7c372dc4653c62a2b92833df477f5a5453be0e598622918b4e6c27064a57e5fba1a657dd064e6d9598fe2f94cc
Score

3^/10

discovery
behavioral19
- Target
  
  platformBinary32/bin/apktool.jar
- Size
  
  19.1MB
- MD5
  
  361f0c97e34aa93c7c1d8aa3e4828f69
- SHA1
  
  f19cead377b1db01b2c7e1348aebb40e071ec548
- SHA256
  
  bc2b9a87ac5a86905b6ca343c21a0db3bc37bdd51154bc9cdf65523d95895d34
- SHA512
  
  3cab65fe5cdbcc072f486281cbc1efde84eb0ecb5db52bd633c07640bf3f09fb79861df303e9c569f1399aa307226545ff0973039c31c3934a70890c6af5f48e
- SSDEEP
  
  393216:CkyM3Zw9Rt5P66rAHKFNn514GWU/zgY6tKJzlWhkvOS4eSa:CHoA5AKF7zR/t6tKF+iSa
Score

1^/10
behavioral20
- Target
  
  platformBinary32/bin/attach.dll
- Size
  
  20KB
- MD5
  
  6dd0a2706bd9a72b8853aa8d73181aab
- SHA1
  
  e0d1ad244487e457d9f1800e983127d9f5d676ab
- SHA256
  
  7370a6e3533dfa636e39c0a5840a92ac7ef34931c5ff6f44099c711478a8ee93
- SHA512
  
  2080baf6bda35f558a5e108604bf2a4957604243a905b273db6098f9ce3fa3302bae682e6ffe5b713de697ca7431e3e7f6d2a5f0e32f82b85f48e90ceceda1ac
- SSDEEP
  
  384:t/ohb9sWVkmcBks79668W1W7PPVEoR7f8DGyonRPnhZ:Foh8Dk6XUd3f8DGyQhZ
Score

3^/10

discovery
behavioral21
- Target
  
  platformBinary32/bin/awt.dll
- Size
  
  1.1MB
- MD5
  
  cd0a21f0fdf44816aae899b4d5fac5af
- SHA1
  
  8bc88fe7c9ece0910aff85a7b07578047602d202
- SHA256
  
  0a6fa37644d15b6d6e89faa05522cd7c61a455b3f5fea2bc8d82d4fd881663f0
- SHA512
  
  61a774c9aa85d7ad555e31d8ee4c93ea6041b3f01bf2fcb67dd430b4daae8c68393932428b4c34e6798e9c14b04502694b95accb12bf10cdff671736d01d7005
- SSDEEP
  
  24576:vE+LI8ZMrDMnUGO7BuEdh9GBA15phfbcbq:8qGjfL
Score

3^/10

discovery
behavioral22
- Target
  
  platformBinary32/bin/clhsdb.exe
- Size
  
  16KB
- MD5
  
  ccd51eab4a0a66da11b6c1e01a17bda0
- SHA1
  
  a67c0a4702c51b457035b8ee95e0d3f7c45c4c10
- SHA256
  
  b7eaba3a063ba32ee23701319656b86cec28ccc6c0fe4b42fb13e51bb3414162
- SHA512
  
  6c9d73eee961b3c0d82a44bfcd86e0fe54c977ca5b284c775c5fcf05378d9d8f633aab9ec41c6499a42fec1ad3bf57f0a031f08e658a11dedd0dfc4f1995971d
- SSDEEP
  
  384:GpsW5cnZLOHmSHhV8I7IjeCrcyDGyoniPnhV8z:Gps9nIGS/8KICCzDGy3hS
Score

3^/10

discovery
behavioral23
- Target
  
  platformBinary32/bin/client/jvm.dll
- Size
  
  3.7MB
- MD5
  
  f3ab3c90201e0f092e3f69d0dc379fc4
- SHA1
  
  5b58a83a875c5aae82fc3bc738acd39f6c268d0e
- SHA256
  
  f47842d41f9e0605d24a509e4e76b8dda71894571536ccb4a50464b5f83c8420
- SHA512
  
  f6909ff9fc2526bbd3233379c2590549f211472d6f15e6f1667a523549d96836d8a2d602edf55c8c0779b28cf5d8159d27728156f8a3884868b7df8a1bbc9edc
- SSDEEP
  
  98304:Pf7HWgN5RUmWJi8jKHz8GpJY6Lcv/GEZao:Pf7HpRSJi8jKH/3Fcv/GEZao
Score

3^/10

discovery
behavioral24
- Target
  
  platformBinary32/bin/dt_shmem.dll
- Size
  
  25KB
- MD5
  
  33990e423774c2e1ef62702f52ba49ce
- SHA1
  
  20261f7d281bba8de2eb5c21d898597d8a2c585e
- SHA256
  
  37e78789078575793b9bb8a979c40b055c06a3d620e970558045a097689db6b2
- SHA512
  
  83ebfd5c10da1b591b7580afc966edf5e8a29fd4e6dcc85014d2a3e21c2db00f9856c5697bf46a2516f6817ecabf5b965077d3ac44076bed19631fa2f2315805
- SSDEEP
  
  384:x3ZQgxsj7ttBesu6PXu6ZEPG5uvjvt3VDGyonwePnhJ:x3WYsfttX/u6W+aV3VDGyqhJ
Score

3^/10

discovery
behavioral25
- Target
  
  platformBinary32/bin/dt_socket.dll
- Size
  
  22KB
- MD5
  
  4364ffbb261ee133668636fbe40ff521
- SHA1
  
  cc288d1d77451ad4cc7d7c7a951ac1fc0d2da76b
- SHA256
  
  a2f595dc28b3c1b221cca4f1fec479240cd48d5c04979a81d8fc318817650fd1
- SHA512
  
  0515041abe617ef6acb6310095053544e399f55e024fad118109c80761b6293dd1daf70ea3940ae35f01202abc2ce520f23cbb49f5dc8f78f07025f3f70293c1
- SSDEEP
  
  384:Wwdi4i9u1aIVW9sYycWl5pPVykuPDGyonxhvPnhR:Hdi3lk2sYyc85pdTuPDGyKhR
Score

3^/10

discovery
behavioral26
- Target
  
  platformBinary32/bin/fontmanager.dll
- Size
  
  228KB
- MD5
  
  3300b959d9fad66d440d4ff668b281ac
- SHA1
  
  2dd8ecc38b7780caf60daf3e7b00e4f1cd2c2b12
- SHA256
  
  b02b7a45c445e107a4c64b91a0c4697dc521d47ca4f745101f36e8678be8464c
- SHA512
  
  c636cfb471242bfb547741a06d890784f66550bfa7adfe1bc9d5706f7a758edb13eb7a3aa5347dd45440ab971e7e6a5189cd671c2288e2ea070ed6e21d5be8b0
- SSDEEP
  
  6144:SH/Njq/TQtqTNRwco0k44p5xFotFGMReiDvf/OBx8M:SH/Njq/TQtqTNRwco0k44p5xIGSI
Score

3^/10

discovery
behavioral27
- Target
  
  platformBinary32/bin/freetype.dll
- Size
  
  501KB
- MD5
  
  84cae47d5baea16f854b7d1d77d406ca
- SHA1
  
  2586373f18119f33230048f2b97bf6b4d7b81a38
- SHA256
  
  ac9651655b48c5d5f8236857c2124707c9405149c83963e223d89891a93427d1
- SHA512
  
  9b1ca654e8b9009ca29375beba892d082f3f2337fa83282d0c155e8a8384b10f81ab4fc2349b33e5645b4417b6c7d931247f94eba77e2201f740367568a45966
- SSDEEP
  
  6144:JtsMcLi9OyTYBbks+XF8XbA77soR2DDlO3XAX+0oXCxYrMDHVV+arSaWsEWmfDAX:/sMcLi9O1h+r7sNHlAwX6+5kar5fEWmo
Score

3^/10

discovery
behavioral28
- Target
  
  platformBinary32/bin/hprof.dll
- Size
  
  130KB
- MD5
  
  8e07a84cd0b6bfa807d7e883070c8a09
- SHA1
  
  13f13ee5af5b5cdff31bf0c29e9e5834d25dacd5
- SHA256
  
  0d56e6e5a98f73f21ddf87aacd4cb5a28479f4c24b2539f35d4a98f97495b0cb
- SHA512
  
  e48a9429f7005f9da5cd8893a3c373f40e8d8b184fd841cc256ec2a331ca1a869fdef448b39de939d22ba05fd2dda7b60a3216ea0f1fb614cd2cfa79ab5bdb5f
- SSDEEP
  
  3072:y0V2kbLSSaDdr8814VRGx+wEG4lgb371xiEvtmqdrBFmB/GKaVyNK:LbL9q4M1DYGK6+K
Score

3^/10

discovery
behavioral29
- Target
  
  platformBinary32/bin/hsdb.exe
- Size
  
  16KB
- MD5
  
  9df6f284cbede513869f22e6f9bc7d13
- SHA1
  
  081e3025ada371bce675050dab9759ff348d808b
- SHA256
  
  76982dbe2d5823e55dd29db18a8fa8dc31cbabb44ab038f7476902b7565742b4
- SHA512
  
  f206672bc73acfaa59cb11f871ea87e3d5b726d175d13da899ed6e25c3f557e07218c25e5d7a061eda15e3ec9211223407da6e4842e34e121f54bc746cc818ea
- SSDEEP
  
  384:GpsT5cnBLOBmSHhV8bploeCncgDGyontPnhM/:Gps+nwUS/89ldCRDGy4hM/
Score

3^/10

discovery
behavioral30
- Target
  
  platformBinary32/bin/instrument.dll
- Size
  
  114KB
- MD5
  
  5bfa85d137104aa8a56ab0b257e4fc7a
- SHA1
  
  093413032912d9fa21711868fd323d0169bd7c72
- SHA256
  
  c731e494bd9b4696cd5da5947ec4331b0ce6982c7406e21bc883aa095f6f3d3c
- SHA512
  
  7a26fedc02a6652fe06416fc35d2dd0f50cfd78376e69b35b40771b6fcc18fef226075ecfbca2cfb77e2d8044260ce81c0fbfe92f03d5746aac724e5b46dae50
- SSDEEP
  
  3072:IyqHyVOqh/8fMu3OcdxKYreYuDUfTBfrzWKUZ:Iyqy18f33OUcYrePDUfTBsZ
Score

3^/10

discovery
behavioral31
- Target
  
  platformBinary32/bin/j2pcsc.dll
- Size
  
  17KB
- MD5
  
  84ecc5ef6b37e60ac58dc06b3e65c3af
- SHA1
  
  6a785a6bc804cd86dd3dc264ac5d9d2763bfb077
- SHA256
  
  35f9e8a0350886ed3778a28b87bd271a3edd7f8b94165618a2e294c8a12b8775
- SHA512
  
  f8369d77771bd784895aefe478664fc28a2b835883783af3244065caf95f496aa729d2fa19d54b080b65d48da6fd530a59842ab900136479bc9e2dc810e4f741
- SSDEEP
  
  384:JBoJkChdwVSanonPV5cyE7jbADGyonp0GPnh2:JuJkG2YzndujcDGyTuh2
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

UPX packed file

Xred family

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Xred

Xred family

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32