Overview

overview

10

Static

static

10

suduko.exe

windows7-x64

10

suduko.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    suduko.exe

  • Size

    149KB

  • MD5

    eda1749ecd5d30aebc623e3ed3679e33

  • SHA1

    36bac5bad466a15b4385bf1bc07e681682c277cd

  • SHA256

    fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134

  • SHA512

    d08fae35eb98f3d7c6a1dbff195510502d3c382cb2b59d8d1b46c44a5369924ac54bd1160808a28518bf121070b03c98471881f560e69f26df90be6b9b7320db

  • SSDEEP

    3072:mF1w5ZnALHQ1h18DI1+u5hIBzl+J3fu3/Xd35qVpUnTiuPA9QPOFqGxB1/D:UqjnALHQ1h18DI1++kObVpUnTiuPA9Qm

Score
10/10
xehookspywarestealer

Malware Config

Signatures

  • Detect Xehook Payload 1 IoCs
  • Xehook stealer

    Xehook is an infostealer written in C#.

    stealerxehook
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\suduko.exe
    "C:\Users\Admin\AppData\Local\Temp\suduko.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2176-0-0x000007FEF5B03000-0x000007FEF5B04000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2176-1-0x0000000000990000-0x00000000009BC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2176-2-0x0000000000140000-0x000000000015A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2176-3-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2176-4-0x000007FEF5B00000-0x000007FEF64EC000-memory.dmp

    Filesize

    9.9MB

    Download