Extracted

• • Target

    1dbe4ba8f382a47c48facfd9360fac10.exe

  • Size

    353KB

  • MD5

    1dbe4ba8f382a47c48facfd9360fac10

  • SHA1

    08b5c20e80e71abfaa842697a1e9ed3ee76feeee

  • SHA256

    b9e5ab4620dc672f82c5d9d32459fd7a6a13960be269d8b13b8b4b6a1a33cf66

  • SHA512

    8920aff361ff91c18a08b16076215c30f4fc7c8ffd0de9fa822698c66165324545a20103d971f5e093c147cd5987d85ad9fb64969eba4ea67fc728641b13e992

  • SSDEEP

    6144:3YidRQfaVJpx3VZiYbEhYPQTEy/gbs4z5OOhChUU3V8i84hx7SJuV5erUuiLEO:3RaaVJpxb0wyKsK5xhdiJScXeLiLEO

  Score

  10^/10

  xehookspywarestealer

  • Detect Xehook Payload

  • Xehook stealer

    Xehook is an infostealer written in C#.

    stealerxehook

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2