Overview

overview

10

Static

static

10

build.exe

windows7-x64

10

build.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build.exe

  • Size

    148KB

  • Sample

    240322-m6w55sdd7z

  • MD5

    13cc6e125c5d23fa2e6ee3159abede95

  • SHA1

    3ebc3644fb453dbf330e6880fb793e10f5cd34a4

  • SHA256

    054a9202452171a072912fa08498330319e6a27b4510e344c73721413896504d

  • SHA512

    b35b0335960ac240dbbdb92f8456abea09ea063b7233b4de15caa99fd7194c7a588bc70663a394127608b10b3f26f99f91c9ddac4fef526cc3bd62e60eda436d

  • SSDEEP

    3072:1euUEEhq+IB+NFzat1Hen5NoBwA/I1qab/n:fG4+w+NFa+3oBwA/I1qa

Score
10/10
xehookspywarestealer

Malware Config

Targets

    • Target

      build.exe

    • Size

      148KB

    • MD5

      13cc6e125c5d23fa2e6ee3159abede95

    • SHA1

      3ebc3644fb453dbf330e6880fb793e10f5cd34a4

    • SHA256

      054a9202452171a072912fa08498330319e6a27b4510e344c73721413896504d

    • SHA512

      b35b0335960ac240dbbdb92f8456abea09ea063b7233b4de15caa99fd7194c7a588bc70663a394127608b10b3f26f99f91c9ddac4fef526cc3bd62e60eda436d

    • SSDEEP

      3072:1euUEEhq+IB+NFzat1Hen5NoBwA/I1qab/n:fG4+w+NFa+3oBwA/I1qa

    Score
    10/10
    xehookspywarestealer

    • Detect Xehook Payload

    • Xehook stealer

      Xehook is an infostealer written in C#.

      stealerxehook

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks