xred | New Text Document mod[.]exe[.]zip

Resubmissions

13-01-2025 17:50

250113-wewjza1pes 10

13-01-2025 17:32

250113-v4m4fssrgj 10

Sharing

Copy URL

Twitter E-mail

General

Target

New Text Document mod.exe.zip
Size

392KB
MD5

209c2bed74ce311f3de2c3040f5cbd8b
SHA1

676dbe2bbf178ca27210c8a2e37aa9652f4e17d5
SHA256

672ad2d52af206cc63cebe2c801181d3b406aae5891cc57bdaafd5eea3d61fe6
SHA512

44b5207ce1a79c220ed014b7803ba4f3b89b0aa81f2232e152da9e5c8004c164a281d8806843a10590e3c55b902ef5e3f359bc117b80b11d052fe60324709324
SSDEEP

6144:PiyQGVN3t3bmwUUoI7a+OjFjjGFEduVVZ4vELL2VzCGb49pRYCEheDmDUKUQWCCJ:P/HfRx7aNFXuhTL2I70SmpXCqry

Score

10^/10

xred

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred family
xred

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/New Text Document mod.exe

Files

New Text Document mod.exe.zip
.zip
New Text Document mod.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 615KB - Virtual size: 614KB

DATA Size: 12KB - Virtual size: 11KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 57B

.reloc Size: 42KB - Virtual size: 42KB

.rsrc Size: 79KB - Virtual size: 79KB

CODE
Size: 615KB - Virtual size: 614KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 57B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 79KB - Virtual size: 79KB