xred | e65e827181c969d994ab0e9020339d4a5d42b3dae155bc0d4554d4eda1ca11a5 | Triage

Resubmissions

08-02-2025 04:50

250208-fgkx9awmfx 10

Sharing

General

Target

CraxsRATv7.4+Injector.rar
Size

444.1MB
Sample

250208-fgkx9awmfx
MD5

13afd9009118fa684084eda885986fef
SHA1

6bed787d26d2c955285ee10d693bd347c348c207
SHA256

e65e827181c969d994ab0e9020339d4a5d42b3dae155bc0d4554d4eda1ca11a5
SHA512

9658328bf9440babd4733b7c82a37f30a0f38bfb8a2c796224f8b6ea389a05c7db0c69626094da78d5c1da77b59131f0697c6a5fab44b9c2b738429f40f4a125
SSDEEP

6291456:qAG83ajQizz/BIcDopiqn8YTeCjC934wXobvt24ezuj8d+/03lNUykkRm0yP8SkA:qN8Yl3/SOobnF6g+bkvZez7d+d784

Score

10^/10

xred agilenet discovery

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Targets

- Target
  
  CraxsRATv7.4 Injector/CraxsRat V7.4
- Size
  
  275.0MB
- MD5
  
  dda4898e5a52fef5ca616c2949629b70
- SHA1
  
  56ee2c69ae30305eae65a235d4549172fe397b38
- SHA256
  
  701fbce532f30a3a0e26add59a7c3ab810965188f6793ef6648a5d8c1ce68e5f
- SHA512
  
  0049b7bcda618678c48f7c4b4155db1b695b3686adca0655b739464e0f13e8b058be53123792f73563754b6dd8c79ae7efb09d8f1dc28d50fc78eca0134abfa1
- SSDEEP
  
  6291456:u964iqpAEAMfykkRm0yP8SkwORpmPAMDK:mXiqSEdd784vP2
Score

8^/10

discovery
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  CraxsRATv7.4 Injector/CraxsRat V7.4.exe
- Size
  
  62.0MB
- MD5
  
  d125972b55d437d2dc9e89cfa0e81785
- SHA1
  
  2b09d5a4eb8a239790393f06b0af1d4cac334b91
- SHA256
  
  df4a1582b2d000cc4ddac50aec247fa92ba13b3b822f6e05cb529b2eb94a07f7
- SHA512
  
  7ffa6176d28bf6d17f390726d5cb7f8d6b6f07adeb3b382d2eee4148f5b6ac0693421d4ef3e17b8fb263beaf3997bdb12fcd4c83199f55ab1ae9aa620a33d17d
- SSDEEP
  
  786432:8c+NX10EPRuHoA5AKF7zR/t6tKF+iS6JkKgApbLKo2:j+NX10qwAMzttZm6CKXxI
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4