General

  • Target

    01ffe49f3718dcb41ddd63aadd76a3bd342de6f7549697033325830828bcfdf7

  • Size

    313KB

  • Sample

    240523-2f7arabe37

  • MD5

    b99a7c6c9e6a2eb2945d894b2ce2c63b

  • SHA1

    e09a2fecf1f27cc81a585c1c68d5deb792162118

  • SHA256

    01ffe49f3718dcb41ddd63aadd76a3bd342de6f7549697033325830828bcfdf7

  • SHA512

    f3b5c5699a5af49b1f46b0eada0f04574321723b3e26a86ec09ca1debcee9849e81e04d293e092dcab7e7fb08aa17dc14c8b3c0cec563c45edb89d80742fde57

  • SSDEEP

    6144:0q+vsBU5EVVJlAD7yB87RU4t76wKmvlerJ9e9a6n:R+vs6TJ+U0rwFn

Score
10/10

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://ussrconnect.ru/

https://c0nnect1ng.ru/

https://vodkaenjoy.ru/

Attributes
  • id

    106

  • token

    xehook106333278
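The hashes and C2 URLs from the extracted config, turned into a local IOC matcher. This is an added example, not part of the sandbox report or of Xehook itself: the digests and hostnames are copied from the report, the proxy log lines (Squid native access.log layout) are constructed, and the subdomain-matching rule for C2 hosts is a design choice rather than something the report states.

```python
"""Local IOC matcher built from the Xehook config above.
Added example, not part of the sandbox report: the digests and C2 hostnames
are copied from the report; the proxy log lines are constructed."""
import hashlib
import re
from urllib.parse import urlparse

# Digests listed in the report, keyed by hashlib algorithm name.
IOC_HASHES = {
    "md5": "b99a7c6c9e6a2eb2945d894b2ce2c63b",
    "sha1": "e09a2fecf1f27cc81a585c1c68d5deb792162118",
    "sha256": "01ffe49f3718dcb41ddd63aadd76a3bd342de6f7549697033325830828bcfdf7",
    "sha512": "f3b5c5699a5af49b1f46b0eada0f04574321723b3e26a86ec09ca1debcee9849"
              "e81e04d293e092dcab7e7fb08aa17dc14c8b3c0cec563c45edb89d80742fde57",
}
# C2 URLs from the extracted config; only the hostnames are used for matching.
C2_URLS = ["https://ussrconnect.ru/", "https://c0nnect1ng.ru/", "https://vodkaenjoy.ru/"]
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists over the whole file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest matches the report. Requiring all four means a
    single MD5 or SHA1 collision cannot produce a match on its own."""
    return hash_bytes(data) == IOC_HASHES


def host_is_c2(host: str) -> bool:
    """Exact host or subdomain match. Substring matching would also flag
    unrelated names such as 'notvodkaenjoy.ru', so it is deliberately avoided."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


# Squid native access.log layout: time elapsed client action/code bytes method url ...
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<src>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed proxy log, not taken from any real environment.
SAMPLE_LOG = """\
1716500000.123   120 10.0.0.15 TCP_TUNNEL/200 3821 CONNECT ussrconnect.ru:443 - HIER_DIRECT/203.0.113.10 -
1716500001.456    80 10.0.0.22 TCP_MISS/200 5120 GET https://example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1716500002.789   150 10.0.0.15 TCP_TUNNEL/200 2210 CONNECT api.ipify.org:443 - HIER_DIRECT/203.0.113.20 -
1716500003.012    90 10.0.0.31 TCP_MISS/200 990 GET http://notvodkaenjoy.ru/ - HIER_DIRECT/192.0.2.5 text/html
1716500004.345   140 10.0.0.15 TCP_TUNNEL/200 4400 CONNECT c0nnect1ng.ru:443 - HIER_DIRECT/203.0.113.11 -
"""


def request_host(method: str, url: str):
    """CONNECT requests carry a bare host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlparse(url).hostname


def c2_hits(log_text: str) -> list:
    """Return (client_ip, host) for every request to a known C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        host = request_host(m.group("method"), m.group("url"))
        if host and host_is_c2(host):
            hits.append((m.group("src"), host))
    return hits


if __name__ == "__main__":
    for src, host in c2_hits(SAMPLE_LOG):
        print(f"C2 contact: {src} -> {host}")
```

The SSDEEP value from the report is not used here: fuzzy-hash comparison needs the native ssdeep library, and a fuzzy match is a lead for variant hunting, not a confirmation that a file is this sample. `matches_sample` only returns True for the exact file the report describes.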

Targets

    • Target

      01ffe49f3718dcb41ddd63aadd76a3bd342de6f7549697033325830828bcfdf7

    • Detect Xehook Payload

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which can hold saved server logins.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside debuggers it is most often seen when a suspended thread is redirected to injected code (process hollowing and similar injection techniques).
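The three file- and network-access signatures above, expressed as a small behavioural triage over endpoint telemetry. This is an added example, not part of the sandbox report or of Xehook: the event records and their (pid, image, event_type, target) schema are constructed, the file paths are the default locations of the named programs, the list of IP-lookup hosts is illustrative, and the two-category threshold is a tuning choice rather than a value from the report.

```python
"""Behavioural triage mirroring the sandbox signatures above.
Added example, not part of the sandbox report or of Xehook: the event records
are constructed, the (pid, image, event_type, target) schema is an assumption,
and the file paths are the default locations of the named programs."""
import fnmatch
from collections import defaultdict

# Per-user FileZilla config files (%APPDATA%\FileZilla); both can hold saved logins.
FTP_CLIENT_FILES = [
    "*\\AppData\\Roaming\\FileZilla\\sitemanager.xml",
    "*\\AppData\\Roaming\\FileZilla\\recentservers.xml",
]
# Browser profile stores: Chromium 'Login Data'/'Cookies' SQLite DBs, Firefox logins.json.
BROWSER_FILES = [
    "*\\Google\\Chrome\\User Data\\*\\Login Data",
    "*\\Google\\Chrome\\User Data\\*\\Cookies",
    "*\\Mozilla\\Firefox\\Profiles\\*\\logins.json",
]
# Commonly used external-IP lookup services (illustrative list, extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ipinfo.io"}

# Signature name from the report -> (event type it needs, what the target must match).
SIGNATURES = {
    "Reads data files stored by FTP clients": ("file_read", FTP_CLIENT_FILES),
    "Reads user/profile data of web browsers": ("file_read", BROWSER_FILES),
    "Looks up external IP address via web service": ("dns_query", IP_LOOKUP_HOSTS),
}

UPD = "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
FILEZILLA = "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"

# Constructed telemetry: (pid, image, event_type, target).
EVENTS = [
    (4120, UPD, "file_read", "C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\recentservers.xml"),
    (4120, UPD, "file_read", "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    (4120, UPD, "file_read", "C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9z1q0.default-release\\logins.json"),
    (4120, UPD, "dns_query", "api.ipify.org"),
    # Legitimate owners reading their own data: one category each, not flagged.
    (2210, CHROME, "file_read", "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    (3380, FILEZILLA, "file_read", "C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml"),
]


def matches(event_type: str, target: str, signature) -> bool:
    """True if one event satisfies one signature (type and target selector)."""
    wanted_type, selector = signature
    if event_type != wanted_type:
        return False
    if isinstance(selector, set):            # hostname list, exact match
        return target.lower().rstrip(".") in selector
    target = target.lower()                   # Windows paths are case-insensitive
    return any(fnmatch.fnmatchcase(target, pattern.lower()) for pattern in selector)


def triage(events) -> dict:
    """Map each (pid, image) to the sorted list of report signatures it triggered."""
    hits = defaultdict(set)
    for pid, image, event_type, target in events:
        for name, signature in SIGNATURES.items():
            if matches(event_type, target, signature):
                hits[(pid, image)].add(name)
    return {proc: sorted(names) for proc, names in hits.items()}


def suspicious(events, min_categories: int = 2) -> list:
    """A single category fires on legitimate software (a browser reads its own
    Login Data), so flag only processes that span several categories. The
    threshold is a tuning choice, not a value from the report."""
    return [proc for proc, names in triage(events).items() if len(names) >= min_categories]


if __name__ == "__main__":
    for pid, image in suspicious(EVENTS):
        print(f"pid {pid} {image}: {', '.join(triage(EVENTS)[(pid, image)])}")
```

The point of the threshold is the false-positive case built into the events: chrome.exe reading its own Login Data and filezilla.exe reading sitemanager.xml each hit one category and are left alone, while the process in the user's Temp directory that touches FTP, browser and IP-lookup targets is the one reported.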
