General
-
Target
041ab886cac2a8e2b79fc486390d5510N
-
Size
480KB
-
Sample
240912-yg58as1djl
-
MD5
041ab886cac2a8e2b79fc486390d5510
-
SHA1
30625cd6be8c5c2603cae540034948aa71022d97
-
SHA256
4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28
-
SHA512
7aa4a6dc2c168c9b8de6ddc4f14f632f6d42017f46acc6dbb23b12969c03d9d17def89f062b4a37354691e06f227f4f4d95ef0c2f87b3b798bf58836ae10e6e4
-
SSDEEP
12288:U+En/eRuTRgPZOZUtRJbZTzPk99GstRUvo9PR0KZYEDop5k5q70zlDbjflq54GaT:ejTREtRJb9TT
Static task
static1
Behavioral task
behavioral1
Sample
041ab886cac2a8e2b79fc486390d5510N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
041ab886cac2a8e2b79fc486390d5510N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
xehook
2.1.5 Stable
https://t.me/+w897k5UK_jIyNDgy
-
id
301
-
token
xehook301447049203312
Targets
-
-
Target
041ab886cac2a8e2b79fc486390d5510N
-
Size
480KB
-
MD5
041ab886cac2a8e2b79fc486390d5510
-
SHA1
30625cd6be8c5c2603cae540034948aa71022d97
-
SHA256
4f179bb1925c0adf5cb44697a3f0986bd17bc65de686084641ef22c0a75b0a28
-
SHA512
7aa4a6dc2c168c9b8de6ddc4f14f632f6d42017f46acc6dbb23b12969c03d9d17def89f062b4a37354691e06f227f4f4d95ef0c2f87b3b798bf58836ae10e6e4
-
SSDEEP
12288:U+En/eRuTRgPZOZUtRJbZTzPk99GstRUvo9PR0KZYEDop5k5q70zlDbjflq54GaT:ejTREtRJb9TT
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-