xehook | 3974d051f1e07090bc0e0ca46f7a1268dc91e6e2bd2ceb2855ff36720d7313ba | Triage

Submit
Reports

Overview

overview

Static

static

3

Cheat.exe

windows10-2004-x64

Sharing

General

Target

Cheat.exe
Size

305KB
Sample

240524-p5tpqsdf9y
MD5

5a54c4466bea3ff4c9b82f290f46c64c
SHA1

5065c65911b019215bb9a4b01274f2847796183e
SHA256

3974d051f1e07090bc0e0ca46f7a1268dc91e6e2bd2ceb2855ff36720d7313ba
SHA512

420c765462ec052fb41ea2ed1fb04f9db919d533359adafc75a03d91f53cc53c6e30e20cb3c9f6db8926af3b88c7bdc70e10c78c57459c8b088aa825541ce750
SSDEEP

6144:25LngjinXjXuZzmrQoO778LVcXneHDKcVAqR4NZr/SAI76MfXyHeC6up:2Zngj8kP8LVAnejKc2S2E+ipup

Score

10^/10

xehook spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Cheat.exe

Resource

win10v2004-20240426-en

xehook spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://ussrconnect.ru/

https://c0nnect1ng.ru/

https://vodkaenjoy.ru/

Attributes

id
169
token
xehook169684513

Targets

- Target
  
  Cheat.exe
- Size
  
  305KB
- MD5
  
  5a54c4466bea3ff4c9b82f290f46c64c
- SHA1
  
  5065c65911b019215bb9a4b01274f2847796183e
- SHA256
  
  3974d051f1e07090bc0e0ca46f7a1268dc91e6e2bd2ceb2855ff36720d7313ba
- SHA512
  
  420c765462ec052fb41ea2ed1fb04f9db919d533359adafc75a03d91f53cc53c6e30e20cb3c9f6db8926af3b88c7bdc70e10c78c57459c8b088aa825541ce750
- SSDEEP
  
  6144:25LngjinXjXuZzmrQoO778LVcXneHDKcVAqR4NZr/SAI76MfXyHeC6up:2Zngj8kP8LVAnejKc2S2E+ipup
Score

10^/10

xehook spyware stealer
- Detect Xehook Payload
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xehookspywarestealer

© 2018-2024

Terms | Privacy