Extracted

• • Target

    cd79ecfd604545de95e763d8e09bdaa7ecced7098bd8907c221152d72f3b4bffN.exe

  • Size

    423KB

  • MD5

    5adba8077e327d248f2fa339497e50d0

  • SHA1

    e438607093f3bc6d9131258675f89d6f0ecf92ee

  • SHA256

    cd79ecfd604545de95e763d8e09bdaa7ecced7098bd8907c221152d72f3b4bff

  • SHA512

    624c375b6edbc5369b8d2729552b417cf524cc4cc0db3c41fee0c3b7296d3cd45482aaff2b0c866a41319b2e442d6d182ff2eeb4b8fa40dd822cdd9fe6a5ffce

  • SSDEEP

    6144:8EIbbfrMlP50eWNgnmKsqRykTIpGm6DNvysnUsAhwFTKLPQltrBV0xHbo/EKqn0e:8Dbz+2eWNgbZRyj9

  Score

  10^/10

  discoveryxehookcredential_accessstealer

  • Xehook stealer

    Xehook is an infostealer written in C#.

    stealerxehook

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2