General
Target: file.exe
Size: 351KB
Sample: 240225-pp2emscc8s
MD5: 8f81cbad65802a563f4c6828ad59e382
SHA1: 732d20205b2c7879a138bf89bae0d272166d8961
SHA256: f3811d1e3adf12256e3d60d5f83b8e4066d42de822cdd6da4c522c19737dcaa9
SHA512: 072f837658ec1387cd44f9b4119b0fc52a67f8e5a8334c56fbae88de6564b9f65b313dfb473900e41a6989b33d3f02373aaf40f280b826f3f8bfe9251ecb1166
SSDEEP: 3072:yk6yIlOwVEC7i+lv5e4nAFOkrDJmnKNJT3EfqBDTSIJ47faaV0OJrVZO+zuiGFZ4:KM2ECm+lvc+C5VQyWdGAiQmN8R
Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: file.exe, resource: win10v2004-20240221-en)
Malware Config
Targets
Target: file.exe, 351KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Detect Xehook Payload
- Xehook family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
MITRE ATT&CK Enterprise v15
Credential Access (TA0006)
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 3
  - Credentials In Files (T1552.001): 3
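The behaviours listed under the score and the ATT&CK table are what a detection engineer would turn into hunt logic. The following is an added example and is not part of this sandbox report or of any vendor's tooling: it runs constructed Sysmon-style events through rules named after the report's signatures and tags the two credential-theft hits with the technique IDs from the table. The registry key, browser credential-store paths, credential-file keywords, IP-lookup hostnames and self-delete command pattern are assumed indicators, since the report names none of them; the Xehook payload signatures are not reproduced because the report gives no rule content.

```python
"""Hunt the behaviours this report lists over constructed endpoint telemetry."""
import re
from collections import Counter, defaultdict

# Constructed, Sysmon-style records for one run of file.exe (pid 4120) and an
# unrelated process (pid 7788). Nothing here is taken from the sandbox report.
SAMPLE_PATH = r"C:\Users\u\Downloads\file.exe"
EVENTS = [
    {"pid": 4120, "type": "registry_query",
     "target": r"HKCU\Control Panel\International\LocaleName"},
    {"pid": 4120, "type": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "type": "file_read",
     "target": r"C:\Users\u\Desktop\passwords.txt"},
    {"pid": 4120, "type": "dns_query", "target": "api.ipify.org"},
    {"pid": 4120, "type": "process_create",
     "target": r'cmd.exe /c timeout 3 & del "C:\Users\u\Downloads\file.exe"'},
    {"pid": 7788, "type": "registry_query",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

# Indicator patterns assumed for each signature. The report names no concrete
# registry key, file path or lookup service, so these are illustrative choices.
GEOFENCE_KEYS = re.compile(r"\\(Control Panel\\International|Nls\\Locale)(\\|$)", re.I)
BROWSER_CRED_FILES = re.compile(r"\\(Login Data|logins\.json|Cookies)$", re.I)
CRED_FILE_NAMES = re.compile(r"[^\\]*(pass|cred|secret|login)[^\\]*$", re.I)
IP_LOOKUP_HOSTS = re.compile(r"^(api\.ipify\.org|ipinfo\.io|icanhazip\.com)$", re.I)
DELETE_CMD = re.compile(r"\bdel\b", re.I)


def classify(event, sample_path=SAMPLE_PATH):
    """Map one event to (report signature, ATT&CK technique) or None if benign."""
    kind, target = event["type"], event["target"]
    if kind == "registry_query" and GEOFENCE_KEYS.search(target):
        return ("Checks computer location settings", None)
    # Browser stores are checked before the generic keyword rule so that
    # "Login Data" is attributed to T1555.003 rather than T1552.001.
    if kind == "file_read" and BROWSER_CRED_FILES.search(target):
        return ("Credentials from Web Browsers", "T1555.003")
    if kind == "file_read" and CRED_FILE_NAMES.search(target):
        return ("Unsecured Credentials: Credentials In Files", "T1552.001")
    if kind == "dns_query" and IP_LOOKUP_HOSTS.match(target):
        return ("Looks up external IP address via web service", None)
    # "Deletes itself" requires the sample's own path in the delete command;
    # deleting some other file is not self-deletion.
    if (kind == "process_create" and DELETE_CMD.search(target)
            and sample_path.lower() in target.lower()):
        return ("Deletes itself", None)
    return None


def hunt(events=EVENTS, sample_path=SAMPLE_PATH):
    """Group signature hits by pid; each (signature, technique) counted once."""
    hits = defaultdict(list)
    for ev in events:
        hit = classify(ev, sample_path)
        if hit and hit not in hits[ev["pid"]]:
            hits[ev["pid"]].append(hit)
    return dict(hits)


def technique_counts(hits):
    """Count ATT&CK technique hits across all pids, like the report's table."""
    return Counter(t for sigs in hits.values() for _, t in sigs if t)


if __name__ == "__main__":
    found = hunt()
    for pid, sigs in found.items():
        print(pid, [s for s, _ in sigs])
    print(dict(technique_counts(found)))
```

The geofence and external-IP rules are low-fidelity on their own (installers and updaters do both); the value is in the combination on one pid, which is why hits are grouped per process before any scoring.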