Overview

overview

10

Static

static

10

031fc43e40...25.exe

windows7-x64

10

031fc43e40...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    031fc43e40930165bceec81343f423e652adefc1e91e4a525c2348859c22ea25

  • Size

    758KB

  • MD5

    0f26f5fd169878b2bffa2e359db64ca7

  • SHA1

    91005b2391739d0355bfc4aa9b48378313ad80e3

  • SHA256

    031fc43e40930165bceec81343f423e652adefc1e91e4a525c2348859c22ea25

  • SHA512

    5526b5fc7f4f02d63ad7acf02f914355d4bb476344d9b2866e08d709ee25babdadae21fc314e68b0e07b476b211eac5efdf701d2e495795952cced34f4096935

  • SSDEEP

    12288:mMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ifj:mnsJ39LyjbJkQFMhmC+6GD9q

Score
10/10
xred

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
    xred
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 031fc43e40930165bceec81343f423e652adefc1e91e4a525c2348859c22ea25
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections