General
-
Target
1d2b1ba3f33c7907d4237f43da88fad0_NeikiAnalytics
-
Size
303KB
-
Sample
240510-2h4yeadf6y
-
MD5
1d2b1ba3f33c7907d4237f43da88fad0
-
SHA1
e039b949b860830e52cb605488a08b2427741dc0
-
SHA256
9d52880405f143f4767964297a44c5a2862eb9ef177d2698bdd3b0e9f274c50a
-
SHA512
3f32d854ab3ba8703af369d8c5ea27cd6867687d46fc1e5217752764ef1d284fdf77d7067e2309ee0427f44cebaeb67909a28f55d4ec1831585db8a336dd2869
-
SSDEEP
6144:5zUpbpjNOh1kAh/0PiAfhTBs9XDf3PAzVeC:8bpjNOEphKD3AzoC
Malware Config
Extracted
xehook
https://unotree.ru/
https://aiwhcpoaw.ru/
Targets
-
-
Target
1d2b1ba3f33c7907d4237f43da88fad0_NeikiAnalytics
-
Size
303KB
-
MD5
1d2b1ba3f33c7907d4237f43da88fad0
-
SHA1
e039b949b860830e52cb605488a08b2427741dc0
-
SHA256
9d52880405f143f4767964297a44c5a2862eb9ef177d2698bdd3b0e9f274c50a
-
SHA512
3f32d854ab3ba8703af369d8c5ea27cd6867687d46fc1e5217752764ef1d284fdf77d7067e2309ee0427f44cebaeb67909a28f55d4ec1831585db8a336dd2869
-
SSDEEP
6144:5zUpbpjNOh1kAh/0PiAfhTBs9XDf3PAzVeC:8bpjNOEphKD3AzoC
Score10/10-
Detect Xehook Payload
-
Xehook stealer
Xehook is an infostealer written in C#.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-