xehook | 617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c | Triage

Sharing

General

Target

617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
Size

230KB
Sample

241009-1fd4jayfne
MD5

975e9b53538e129219e9c4ffd6ef4167
SHA1

3fb4f3517d7004cf4696334aa116003765a715b3
SHA256

617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
SHA512

f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5
SSDEEP

6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm

Score

10^/10

xehook credential_access discovery stealer

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
208
token
xehook208585951630880

Targets

- Target
  
  617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
- Size
  
  230KB
- MD5
  
  975e9b53538e129219e9c4ffd6ef4167
- SHA1
  
  3fb4f3517d7004cf4696334aa116003765a715b3
- SHA256
  
  617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
- SHA512
  
  f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5
- SSDEEP
  
  6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm
Score

10^/10

discovery xehook credential_access stealer
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xehookcredential_accessdiscoverystealer