xehook | 2ab5dd6218935db97e71e5578ceaa8f87ef7ac30574216662dc6c040136ff5cf | Triage

Sharing

General

Target

supermain.exe
Size

541KB
Sample

240915-p84dcavhnm
MD5

2f61a2fdad0599146e7546d577d3772d
SHA1

281a57e57f2b415c35d5808f890da7e172a1a281
SHA256

2ab5dd6218935db97e71e5578ceaa8f87ef7ac30574216662dc6c040136ff5cf
SHA512

2830d7d546177138e0f6d2f02a47abe3bfbc05d776ea81780f0f605fe458811c67124e34cb135652f1e6a5a72b62a99640bca8796a3c9fd0360b50b3fe808dc3
SSDEEP

12288:GCWMqsBLwNQD8gABE3u5p+hY/4ewg2ZNaKCmWyOfoJVtKtnjWGuWgbHOuSMqT/Yd:XuSOfgAB0

Score

10^/10

xehook credential_access discovery stealer

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
208
token
xehook208939115726271

Targets

- Target
  
  supermain.exe
- Size
  
  541KB
- MD5
  
  2f61a2fdad0599146e7546d577d3772d
- SHA1
  
  281a57e57f2b415c35d5808f890da7e172a1a281
- SHA256
  
  2ab5dd6218935db97e71e5578ceaa8f87ef7ac30574216662dc6c040136ff5cf
- SHA512
  
  2830d7d546177138e0f6d2f02a47abe3bfbc05d776ea81780f0f605fe458811c67124e34cb135652f1e6a5a72b62a99640bca8796a3c9fd0360b50b3fe808dc3
- SSDEEP
  
  12288:GCWMqsBLwNQD8gABE3u5p+hY/4ewg2ZNaKCmWyOfoJVtKtnjWGuWgbHOuSMqT/Yd:XuSOfgAB0
Score

10^/10

discovery xehook credential_access stealer
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xehookcredential_accessdiscoverystealer