xehook | 1e01835c4534de392d4bf8deeb5d36c90c583adcb244d38a7dc89135846d7ce9 | Triage

Submit
Reports

Overview

overview

Static

static

b134607a24...6e.exe

windows7-x64

b134607a24...6e.exe

windows10-2004-x64

Sharing

General

Target

ee3b16d7188ad9b08cb1cbe52708b134.bin
Size

62KB
Sample

240616-c41enswdrd
MD5

72340ddc30438a2a588e05043cf1859f
SHA1

a49dbb9147ebec41d569ad303278d96015936a74
SHA256

1e01835c4534de392d4bf8deeb5d36c90c583adcb244d38a7dc89135846d7ce9
SHA512

efee3c2f6e2317b4be5b751aae2ace20af049b319ceb2bb4b524840099e5daab3f8d434265f29405c644064586802c23b9250e9609281c497bc4cd243a258129
SSDEEP

1536:wjmz8sVRoWe1RSwz96Q3qDzcNqQmifJ24f4M4l+6Ml:wjmYwyWe1Vz9WDoqQmyJPf4M4Yp

Score

10^/10

xehook spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e.exe

Resource

win7-20240611-en

xehook spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e.exe

Resource

win10v2004-20240226-en

xehook spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e.exe
- Size
  
  149KB
- MD5
  
  ee3b16d7188ad9b08cb1cbe52708b134
- SHA1
  
  946ec3b88c7eb1442512cd1ba450b05132e48dc6
- SHA256
  
  b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e
- SHA512
  
  2c1272dd493ff6361dcadfbbffc39aaa8c84a3a7b925597de0fa12381c045307943e7bb3827b5c22709c2be010c2d0e1036c79c5f933c58ee05acabb672ab542
- SSDEEP
  
  3072:vOWXtBuFND5H/QUszPu4bk5GB2fu3/X9e5FuZl1yotj3ZzQ2pw22sIq/L:vh9BuFND5H/QUszPrFBeuZl1yotj3Zzw
Score

10^/10

xehook spyware stealer
- Detect Xehook Payload
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xehookspywarestealer

behavioral2

xehookspywarestealer

© 2018-2024

Terms | Privacy