xehook | 4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28 | Triage

Sharing

General

Target

fuck.bin.exe
Size

480KB
Sample

240908-29gbeszgjm
MD5

041ab886cac2a8e2b79fc486390d5510
SHA1

30625cd6be8c5c2603cae540034948aa71022d97
SHA256

4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28
SHA512

7aa4a6dc2c168c9b8de6ddc4f14f632f6d42017f46acc6dbb23b12969c03d9d17def89f062b4a37354691e06f227f4f4d95ef0c2f87b3b798bf58836ae10e6e4
SSDEEP

12288:U+En/eRuTRgPZOZUtRJbZTzPk99GstRUvo9PR0KZYEDop5k5q70zlDbjflq54GaT:ejTREtRJb9TT

Score

10^/10

xehook discovery stealer

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
301
token
xehook301447049203312

Targets

- Target
  
  fuck.bin.exe
- Size
  
  480KB
- MD5
  
  041ab886cac2a8e2b79fc486390d5510
- SHA1
  
  30625cd6be8c5c2603cae540034948aa71022d97
- SHA256
  
  4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28
- SHA512
  
  7aa4a6dc2c168c9b8de6ddc4f14f632f6d42017f46acc6dbb23b12969c03d9d17def89f062b4a37354691e06f227f4f4d95ef0c2f87b3b798bf58836ae10e6e4
- SSDEEP
  
  12288:U+En/eRuTRgPZOZUtRJbZTzPk99GstRUvo9PR0KZYEDop5k5q70zlDbjflq54GaT:ejTREtRJb9TT
Score

10^/10

xehook discovery stealer
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xehookdiscoverystealer