xehook | d1f0f17e91e91cc4e1647c2aa8a7f39af2793125[.]rl[.]zip | Triage

Sharing

General

Target

d1f0f17e91e91cc4e1647c2aa8a7f39af2793125.rl.zip
Size

57KB
MD5

011c74a79dcb47c70b115a1033e46be2
SHA1

90d5b7fe533d7cc30463a06ad975c3d5301a0663
SHA256

bf45f4bb83f70f8bc641f39b56be47f5bf7b3b9f2609dedcb7ad1004aa5d84b1
SHA512

7beae7a2df9adcbd8c8cd79efa7e63ac8eb3e030f8efd2bca28cadd424d226bc0afd69a04eacf4432be07b695058ccc10fe3c863bf3713399625804f82be536d
SSDEEP

1536:T+15Ge/MLWsMvJaNNaWQd/uCIADnavIAQdd/k20Nfn4RA:C1B/MyWNPy/PjWvah0N/j

Score

10^/10

xehook

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
301
token
xehook301447049203312

Signatures

Xehook family
xehook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d1f0f17e91e91cc4e1647c2aa8a7f39af2793125.rl

Files

d1f0f17e91e91cc4e1647c2aa8a7f39af2793125.rl.zip
.zip

Password: infected
d1f0f17e91e91cc4e1647c2aa8a7f39af2793125.rl
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ