xred | 3f0b2ee0b825bbdb0c357c5f95f1f2b281fbcca0ebc8ac53ad8dad3631ca2b02[.]exe

General

Target

3f0b2ee0b825bbdb0c357c5f95f1f2b281fbcca0ebc8ac53ad8dad3631ca2b02.exe
Size

1.9MB
MD5

40d251bb66d77d99770e4e51fb9fb875
SHA1

e5c4fe65d34c9889cfa3caca2c73846fa87e1192
SHA256

3f0b2ee0b825bbdb0c357c5f95f1f2b281fbcca0ebc8ac53ad8dad3631ca2b02
SHA512

18374e1d06d82ecdef42d7a2b476209388baeab37aeb6ff53489429e10ee20839d795f835f6e05dc294993c7f9b256fce1cc0676daa60ab73807e3699a74e1f8
SSDEEP

49152:0cErhMi/XfMYC5GDxcErhMi/XdnAkheBsMm6zJ+m8Sy0q:92ffaj2fykcaMpsR0q

Score

10^/10

xred

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes

email
xredline1@gmail.com
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred family
xred

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0b2ee0b825bbdb0c357c5f95f1f2b281fbcca0ebc8ac53ad8dad3631ca2b02.exe

Files

3f0b2ee0b825bbdb0c357c5f95f1f2b281fbcca0ebc8ac53ad8dad3631ca2b02.exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 52KB

.rsrc Size: 12KB - Virtual size: 9KB

We care about your privacy.

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 12KB - Virtual size: 9KB