General

  • Target

    3a418c405775b28492716a0522b4a327b31ed31697109031c4bc3b1222fe1410.exe

  • Size

    368KB

  • Sample

    241004-bpt4nswgpp

  • MD5

    f258b2b6ffa6756d5f445b1b62685142

  • SHA1

    0c8de6923e6481bd63052539f296dc3b16038a85

  • SHA256

    3a418c405775b28492716a0522b4a327b31ed31697109031c4bc3b1222fe1410

  • SHA512

    2a3822658e7a40b5f311066a7d687896eaa4cbea5b5469482bd86201b803bb6008af1a8b09fc50cd178e18b0a6e793540d3afdd0c9ef35e0f4ca2509db254a78

  • SSDEEP

    6144:Ex2oxysMCtUkokSjQhmocTA5QeT4j2tm9o3pXlBVB4wmhA5MKsEB62z:ExPoB0z5Qm4+XlBVB4wmhA5MKsEB62

Malware Config

Extracted

  • Family

    xehook

  • Version

    2.1.5 Stable

  • C2

    https://t.me/+w897k5UK_jIyNDgy

  • Attributes

    • id

      185

    • token

      xehook185936398232728

Targets

    • Target

      3a418c405775b28492716a0522b4a327b31ed31697109031c4bc3b1222fe1410.exe

    • Size

      368KB

    • MD5

      f258b2b6ffa6756d5f445b1b62685142

    • SHA1

      0c8de6923e6481bd63052539f296dc3b16038a85

    • SHA256

      3a418c405775b28492716a0522b4a327b31ed31697109031c4bc3b1222fe1410

    • SHA512

      2a3822658e7a40b5f311066a7d687896eaa4cbea5b5469482bd86201b803bb6008af1a8b09fc50cd178e18b0a6e793540d3afdd0c9ef35e0f4ca2509db254a78

    • SSDEEP

      6144:Ex2oxysMCtUkokSjQhmocTA5QeT4j2tm9o3pXlBVB4wmhA5MKsEB62z:ExPoB0z5Qm4+XlBVB4wmhA5MKsEB62

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks