xred | 8fe961474095fa6957aa2ec533acc3253440377ffbad37ca32dd2fb5cf62ee06 | Triage

Sharing

General

Target

8fe961474095fa6957aa2ec533acc3253440377ffbad37ca32dd2fb5cf62ee06N.exe
Size

2.9MB
Sample

250208-l8py6symgw
MD5

966691669a6a6c3bf67edeaccf1ba8f0
SHA1

3d961c8bad427d3692ce05e9bbe1e27d8d463a11
SHA256

8fe961474095fa6957aa2ec533acc3253440377ffbad37ca32dd2fb5cf62ee06
SHA512

ff8353172018a4c6309047298950df649dbc6f3468e9e39e644984cedfbe907f176bd26ce9ec16ce60e6227e8e1bc4647ade5860349d20d05988cdf1f858c557
SSDEEP

49152:PnsHyjt4MYC5GeiHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zeq:Pnsmt4aswLKcjW/yGMoN+Obk1zf

Score

10^/10

xred backdoor discovery

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Targets

- Target
  
  8fe961474095fa6957aa2ec533acc3253440377ffbad37ca32dd2fb5cf62ee06N.exe
- Size
  
  2.9MB
- MD5
  
  966691669a6a6c3bf67edeaccf1ba8f0
- SHA1
  
  3d961c8bad427d3692ce05e9bbe1e27d8d463a11
- SHA256
  
  8fe961474095fa6957aa2ec533acc3253440377ffbad37ca32dd2fb5cf62ee06
- SHA512
  
  ff8353172018a4c6309047298950df649dbc6f3468e9e39e644984cedfbe907f176bd26ce9ec16ce60e6227e8e1bc4647ade5860349d20d05988cdf1f858c557
- SSDEEP
  
  49152:PnsHyjt4MYC5GeiHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zeq:Pnsmt4aswLKcjW/yGMoN+Obk1zf
Score

10^/10

xred backdoor discovery
- Xred
  Xred is backdoor written in Delphi.
  backdoor xred
- Xred family
  xred
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xredbackdoordiscovery

behavioral2

xredbackdoordiscovery