General

  • Target

    1dbe4ba8f382a47c48facfd9360fac10.exe

  • Size

    353KB

  • Sample

    240706-aftk4ssdkf

  • MD5

    1dbe4ba8f382a47c48facfd9360fac10

  • SHA1

    08b5c20e80e71abfaa842697a1e9ed3ee76feeee

  • SHA256

    b9e5ab4620dc672f82c5d9d32459fd7a6a13960be269d8b13b8b4b6a1a33cf66

  • SHA512

    8920aff361ff91c18a08b16076215c30f4fc7c8ffd0de9fa822698c66165324545a20103d971f5e093c147cd5987d85ad9fb64969eba4ea67fc728641b13e992

  • SSDEEP

    6144:3YidRQfaVJpx3VZiYbEhYPQTEy/gbs4z5OOhChUU3V8i84hx7SJuV5erUuiLEO:3RaaVJpxb0wyKsK5xhdiJScXeLiLEO

Score
10/10

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://ussrconnect.ru/

https://c0nnect1ng.ru/

https://vodkaenjoy.ru/

Attributes
  • id

    174

  • token

    xehook174464555

Targets

    • Target

      1dbe4ba8f382a47c48facfd9360fac10.exe

    • Size

      353KB

    • MD5

      1dbe4ba8f382a47c48facfd9360fac10

    • SHA1

      08b5c20e80e71abfaa842697a1e9ed3ee76feeee

    • SHA256

      b9e5ab4620dc672f82c5d9d32459fd7a6a13960be269d8b13b8b4b6a1a33cf66

    • SHA512

      8920aff361ff91c18a08b16076215c30f4fc7c8ffd0de9fa822698c66165324545a20103d971f5e093c147cd5987d85ad9fb64969eba4ea67fc728641b13e992

    • SSDEEP

      6144:3YidRQfaVJpx3VZiYbEhYPQTEy/gbs4z5OOhChUU3V8i84hx7SJuV5erUuiLEO:3RaaVJpxb0wyKsK5xhdiJScXeLiLEO

    Score
    10/10
    • Detect Xehook Payload

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks