Resubmissions

  • 10/08/2024, 02:59: 240810-dgzejaxamf 9
  • 10/08/2024, 02:46: 240810-c9bcqswfpa 9
  • 10/08/2024, 02:40: 240810-c58gnssdlj 9

General

  • Target: xehook197962030370407.zip
  • Size: 515KB
  • Sample: 240810-dgzejaxamf
  • MD5: fd41565cde67ed4adff8a2963fb08135
  • SHA1: ed88db0a0a4a9fb9a4d324300d7258d71b62f353
  • SHA256: 13dcc8e21e7ce1aa8ffc421da3e790ae3dcfbe1451f2585f92853e1069f99b9e
  • SHA512: 4817c8cf8a491994b1dc27be5d0d2dcc1e0190858008c4e28b152cbf26f0c16d899b517d60271e2b5ddf791c3e3033044f25e03a00746a61857bfa0df5ddf14e
  • SSDEEP: 12288:5nYp3HGxNCguP8Yeeu+mtGH1nydv1SIND+kEklEsde9qF3HrJIMiijE/k80bVhIC:5Yp2xogAFbuKgeq

Malware Config

Targets

    • Target: build.exe
    • Size: 515KB
    • MD5: 13e64d45566e74747d00318830509a41
    • SHA1: 262a1c1937774380ae8777f8c4c8e267465aaa7c
    • SHA256: 645df1d69ea713e9f34698e80a0dd4963e7915729658588ba4b0765ffa656536
    • SHA512: 2b37297df7fcc059a4b9e68ea058f35133f4c1b10d6c843ecd4222c6112a91372890cbb9d3df344b5e9dbe9e130312d23e2f39fbe241076a5354b770b4a6dec1
    • SSDEEP: 12288:4nYp3HGxNCguP8Yeeu+mtGH1nydv1SIND+kEklEsde9qF3HrJIMiijE/k80bVhIM:4Yp2xogAFbuKge

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks