Overview

overview

10

Static

static

10

2025-04-10...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-10_946803c996f7c32f754b4e864a1e4ac5_amadey_darkgate_elex_magniber_poet-rat_rhadamanthys_smoke-loader

  • Size

    28.7MB

  • MD5

    946803c996f7c32f754b4e864a1e4ac5

  • SHA1

    c982b2e7dd6844327f4a77e9a8365067345670ae

  • SHA256

    f642d048f822c9b363135f29b649077f9d5371460644add8a38cd1211aa76e4b

  • SHA512

    b57e51b90fb25701cdb1bda2717d6a836643bee8d8b1f7729b0c1d8a9b5cbcce1eba35b028f21cfef851de446c6ef4ed23feaf8849820ba8b385572b018fb251

  • SSDEEP

    393216:Bn1a552kjgDWzYQqD/Jf59RqWEOax8eX+bLJItmNiL5yTG1M16PExfe9zMHl:J1aljQWz0xRqbGeO8m4ll8f1Hl

Score
10/10
xred

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred family
    xred
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-04-10_946803c996f7c32f754b4e864a1e4ac5_amadey_darkgate_elex_magniber_poet-rat_rhadamanthys_smoke-loader
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections