Overview

overview

10

Static

static

10

583c1eb636...2d.exe

windows7-x64

10

583c1eb636...2d.exe

windows10-1703-x64

10

583c1eb636...2d.exe

windows10-2004-x64

10

583c1eb636...2d.exe

windows11-21h2-x64

10

Resubmissions

13-09-2024 09:50

240913-lt52vawgrl 10

13-09-2024 09:49

240913-ltjtlsxckd 10

13-09-2024 09:48

240913-ls2b9swgmp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d.zip

  • Size

    57KB

  • Sample

    240913-ltjtlsxckd

  • MD5

    72f6e6aa7d06934994830b2d8688bdd1

  • SHA1

    84cc4b7c4ce4e5d998dcf824d4ff9a6883d60690

  • SHA256

    48e2f49ef81bcbcf043ee031085b0f6038fa04c0992e69a2f11587cf578b78d0

  • SHA512

    04521cc3b582586f384ad5c7adfd232dfcf13e11216ec0040d9d4018bd9c0d91d65d82aac39a240a1e387cd6090976106a26cb96b740afca70f1275e19505160

  • SSDEEP

    1536:jlRxdbRvTWs+HMBPF/jxb+J5xnwuw60HWwo0rcD5L31In5qd:jlRxdF4HMBPF/tK5Rq2FZr1yEd

Score
10/10
xehookcredential_accessspywarestealer

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes
  • id

    208

  • token

    xehook208262680500151

Targets

    • Target

      583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d

    • Size

      151KB

    • MD5

      f635582929e0b0f2f18e1ee1fb7a84e9

    • SHA1

      1d4946ea77a2bcf432f490d0a38429102a51069b

    • SHA256

      583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d

    • SHA512

      0a4ac0362ebf4ce81fb187d93898e3ffdf74e6a0da96913818ebbb59a236a3897ec680cdc4599a9cf8cee8f8b7d527c4fc0abf89016bab48449995d10065d1e7

    • SSDEEP

      3072:mQHKadVFHUg2HiFI9ifi5iLLbyq8QL+wI7BJlwEKctby:BqSF/2HQlLLbyq8QL+wI7BJiEK

    Score
    10/10
    xehookstealercredential_accessspyware

    • Xehook stealer

      Xehook is an infostealer written in C#.

      stealerxehook

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks