General
-
Target
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
-
Size
230KB
-
Sample
241009-1hvjasvcnp
-
MD5
975e9b53538e129219e9c4ffd6ef4167
-
SHA1
3fb4f3517d7004cf4696334aa116003765a715b3
-
SHA256
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
-
SHA512
f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5
-
SSDEEP
6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm
Static task
static1
Behavioral task
behavioral1
Sample
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xehook
2.1.5 Stable
https://t.me/+w897k5UK_jIyNDgy
-
id
208
-
token
xehook208585951630880
Targets
-
-
Target
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
-
Size
230KB
-
MD5
975e9b53538e129219e9c4ffd6ef4167
-
SHA1
3fb4f3517d7004cf4696334aa116003765a715b3
-
SHA256
617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c
-
SHA512
f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5
-
SSDEEP
6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm
Score10/10-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-