Extracted

• • Target

    fuck.exe

  • Size

    480KB

  • MD5

    041ab886cac2a8e2b79fc486390d5510

  • SHA1

    30625cd6be8c5c2603cae540034948aa71022d97

  • SHA256

    4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28

  • SHA512

    7aa4a6dc2c168c9b8de6ddc4f14f632f6d42017f46acc6dbb23b12969c03d9d17def89f062b4a37354691e06f227f4f4d95ef0c2f87b3b798bf58836ae10e6e4

  • SSDEEP

    12288:U+En/eRuTRgPZOZUtRJbZTzPk99GstRUvo9PR0KZYEDop5k5q70zlDbjflq54GaT:ejTREtRJb9TT

  Score

  10^/10

  discoveryxehookcredential_accessstealer

  • Xehook stealer

    Xehook is an infostealer written in C#.

    stealerxehook

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3behavioral4