General

  • Target

    27.exe

  • Size

    149KB

  • Sample

    240712-rw7lcazdmh

  • MD5

    ee3b16d7188ad9b08cb1cbe52708b134

  • SHA1

    946ec3b88c7eb1442512cd1ba450b05132e48dc6

  • SHA256

    b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e

  • SHA512

    2c1272dd493ff6361dcadfbbffc39aaa8c84a3a7b925597de0fa12381c045307943e7bb3827b5c22709c2be010c2d0e1036c79c5f933c58ee05acabb672ab542

  • SSDEEP

    3072:vOWXtBuFND5H/QUszPu4bk5GB2fu3/X9e5FuZl1yotj3ZzQ2pw22sIq/L:vh9BuFND5H/QUszPrFBeuZl1yotj3Zzw

Score
10/10

Malware Config

Targets

    • Target

      27.exe

    • Size

      149KB

    • MD5

      ee3b16d7188ad9b08cb1cbe52708b134

    • SHA1

      946ec3b88c7eb1442512cd1ba450b05132e48dc6

    • SHA256

      b134607a248dfe314215ffab39636416dab92d791314f667dbcf9e9c5932d26e

    • SHA512

      2c1272dd493ff6361dcadfbbffc39aaa8c84a3a7b925597de0fa12381c045307943e7bb3827b5c22709c2be010c2d0e1036c79c5f933c58ee05acabb672ab542

    • SSDEEP

      3072:vOWXtBuFND5H/QUszPu4bk5GB2fu3/X9e5FuZl1yotj3ZzQ2pw22sIq/L:vh9BuFND5H/QUszPrFBeuZl1yotj3Zzw

    Score
    10/10
    • Detect Xehook Payload

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks