General
-
Target
496219a22d96d4eb4c699045521b7fa73bba242d4e84e62f565e8d8046fa00c5
-
Size
1.0MB
-
Sample
240530-2t5dbacg8y
-
MD5
585d16749fda38cb7f8a987137890167
-
SHA1
0b3f1064b2f0ddf397552e442e99e1c233c67df1
-
SHA256
496219a22d96d4eb4c699045521b7fa73bba242d4e84e62f565e8d8046fa00c5
-
SHA512
784c3a2e3fa3e90f57ed059a5bc204441da3ebc173a93b67e752f84cc2e2cf0f4ddc49aabeaa3233053e49d51633f6bb93a90c0735292084305b00bf79b2c632
-
SSDEEP
24576:23xZfO09c1MhIix2MZimC8GRPrvbyK5glhZ:23xhc1AIix2MUhRjvbyUe
Static task
static1
Behavioral task
behavioral1
Sample
496219a22d96d4eb4c699045521b7fa73bba242d4e84e62f565e8d8046fa00c5.exe
Resource
win7-20240221-en
Malware Config
Extracted
xehook
2.1.5 Stable
https://ussrconnect.ru/
https://c0nnect1ng.ru/
https://vodkaenjoy.ru/
-
id
105
-
token
xehook105401801
Targets
-
-
Target
496219a22d96d4eb4c699045521b7fa73bba242d4e84e62f565e8d8046fa00c5
-
Size
1.0MB
-
MD5
585d16749fda38cb7f8a987137890167
-
SHA1
0b3f1064b2f0ddf397552e442e99e1c233c67df1
-
SHA256
496219a22d96d4eb4c699045521b7fa73bba242d4e84e62f565e8d8046fa00c5
-
SHA512
784c3a2e3fa3e90f57ed059a5bc204441da3ebc173a93b67e752f84cc2e2cf0f4ddc49aabeaa3233053e49d51633f6bb93a90c0735292084305b00bf79b2c632
-
SSDEEP
24576:23xZfO09c1MhIix2MZimC8GRPrvbyK5glhZ:23xhc1AIix2MUhRjvbyUe
-
Detect Xehook Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-