xehook | 72a88efeda156c7304c5c8bd090dcb011ba3dfbbe91f5511969ba8eecee32843 | Triage

Sharing

General

Target

72a88efeda156c7304c5c8bd090dcb011ba3dfbbe91f5511969ba8eecee32843.exe
Size

226KB
Sample

241004-b1g89a1ejc
MD5

1c83b86ee49577920f79e0175f56a480
SHA1

1ac4ef5a1f9ca34ac229bc26cdc914e38173c554
SHA256

72a88efeda156c7304c5c8bd090dcb011ba3dfbbe91f5511969ba8eecee32843
SHA512

d4b4ec415e92617548e863422f653b97460be182205871bf7526fe872d110e8ac17b60472d8351bed62e20ee584424816eeafcafe69ce096596ee044e1df022d
SSDEEP

6144:d281qBlr/yJ37jLL5dd+AFi7hIis2tvRPOI7Up7jGEFHw05jPNBV:d2Geqx3lb+DII7Up7qEp5jPNBV

Score

10^/10

xehook credential_access discovery stealer

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
185
token
xehook185786249114074

Targets

- Target
  
  72a88efeda156c7304c5c8bd090dcb011ba3dfbbe91f5511969ba8eecee32843.exe
- Size
  
  226KB
- MD5
  
  1c83b86ee49577920f79e0175f56a480
- SHA1
  
  1ac4ef5a1f9ca34ac229bc26cdc914e38173c554
- SHA256
  
  72a88efeda156c7304c5c8bd090dcb011ba3dfbbe91f5511969ba8eecee32843
- SHA512
  
  d4b4ec415e92617548e863422f653b97460be182205871bf7526fe872d110e8ac17b60472d8351bed62e20ee584424816eeafcafe69ce096596ee044e1df022d
- SSDEEP
  
  6144:d281qBlr/yJ37jLL5dd+AFi7hIis2tvRPOI7Up7jGEFHw05jPNBV:d2Geqx3lb+DII7Up7qEp5jPNBV
Score

10^/10

discovery xehook credential_access stealer
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xehookcredential_accessdiscoverystealer