General

  • Target

    617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c

  • Size

    230KB

  • Sample

    241009-1hvjasvcnp

  • MD5

    975e9b53538e129219e9c4ffd6ef4167

  • SHA1

    3fb4f3517d7004cf4696334aa116003765a715b3

  • SHA256

    617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c

  • SHA512

    f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5

  • SSDEEP

    6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy (a Telegram invite link, reported by the sandbox as the sample's C2 rather than a conventional HTTP endpoint)

Attributes
  • id

    208

  • token

    xehook208585951630880

Targets

    • Target

      617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c

    • Size

      230KB

    • MD5

      975e9b53538e129219e9c4ffd6ef4167

    • SHA1

      3fb4f3517d7004cf4696334aa116003765a715b3

    • SHA256

      617bce7ff2b080b7839d8b1a99eebe44e25834902c106c237c0a36264a14f41c

    • SHA512

      f29d5497ffb0a5fa0ea15d85b4f96e40aa527319aa812f9be2e44a5e058f36a1e2621e09445ebc72a00ec440ebae6579accb12d5fd09e7f1f843f03863f704d5

    • SSDEEP

      6144:B0rsn91Wi08wIeSr1OpgIaIbIZFtHhlD1b+h49YONnx+Qrvm:BZ91Wi08MpgMEqh49YONnx+Qrvm

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during execution.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files on disk (ATT&CK T1552.001).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, instruction pointer included; paired with writing code into a freshly created process it is the usual way injected or hollowed code is started.
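A hunting helper built from the extracted config and the two network behaviours listed above. This is an added example, not code from the sandbox report or from the stealer. It assumes the following, none of which the report states: that the reported id is the leading digits of the token's numeric part (consistent with id 208 and token xehook208... here); that a Telegram-link C2 implies exfiltration via api.telegram.org; a list of common IP-lookup hosts; and a constructed proxy log format. The dumped strings and log lines are constructed for the demo.

```python
"""Hunting helpers for the Xehook config and behaviours above.

Added example: not code from the sandbox report or from the stealer.
Everything marked 'assumption' or 'constructed' is mine, not the report's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Values exactly as the report extracted them from this sample.
REPORTED_C2 = "https://t.me/+w897k5UK_jIyNDgy"
REPORTED_ID = 208
REPORTED_TOKEN = "xehook208585951630880"

# Token shape: literal "xehook" followed by a run of digits.
TOKEN_RE = re.compile(r"\bxehook(\d{6,})\b")
# Telegram invite links of the form the report lists as C2.
INVITE_RE = re.compile(r"https?://t\.me/\+[A-Za-z0-9_-]+")

# Assumption: services a stealer typically queries for the victim's public
# IP. The report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}
# Assumption: a Telegram-link C2 usually means exfil via the Bot API host.
TELEGRAM_HOSTS = {"t.me", "api.telegram.org"}


def token_matches_id(token: str, campaign_id: int) -> bool:
    """Assumption: the reported id is the leading digits of the token's
    numeric part (208 / xehook208...). Returns False for any other shape."""
    m = TOKEN_RE.fullmatch(token)
    return m is not None and m.group(1).startswith(str(campaign_id))


def extract_config_iocs(strings: List[str]) -> Dict[str, List[str]]:
    """Pull xehook tokens and Telegram invite links out of dumped strings."""
    tokens: Set[str] = set()
    invites: Set[str] = set()
    for s in strings:
        tokens.update("xehook" + digits for digits in TOKEN_RE.findall(s))
        invites.update(INVITE_RE.findall(s))
    return {"tokens": sorted(tokens), "invites": sorted(invites)}


@dataclass(frozen=True)
class ProxyEvent:
    ts: str
    pid: int
    image: str
    host: str


# Constructed proxy log format: "<ts> <pid> <image path> CONNECT <host>:<port>"
PROXY_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.+?)\s+CONNECT\s+(\S+):(\d+)$")


def parse_proxy_line(line: str) -> Optional[ProxyEvent]:
    m = PROXY_RE.match(line.strip())
    if m is None:
        return None
    return ProxyEvent(m.group(1), int(m.group(2)), m.group(3), m.group(4).lower())


def classify_host(host: str) -> Optional[str]:
    """'ip_lookup' or 'telegram' when the host (or a subdomain of it) is listed."""
    for cat, hosts in (("ip_lookup", IP_LOOKUP_HOSTS), ("telegram", TELEGRAM_HOSTS)):
        if any(host == h or host.endswith("." + h) for h in hosts):
            return cat
    return None


def flag_stealer_beacons(lines: List[str]) -> List[Tuple[int, str]]:
    """Processes that both asked an IP-lookup service and reached Telegram.
    Either alone is noise (browsers do both); the pair from one process
    is the sequence the report describes and is worth an alert."""
    seen: Dict[Tuple[int, str], Set[str]] = {}
    for line in lines:
        ev = parse_proxy_line(line)
        if ev is None:
            continue
        cat = classify_host(ev.host)
        if cat is not None:
            seen.setdefault((ev.pid, ev.image), set()).add(cat)
    return sorted(k for k, cats in seen.items() if {"ip_lookup", "telegram"} <= cats)


# Constructed inputs for the demo: dumped strings and a short proxy log.
SAMPLE_STRINGS = [
    "System.Net.Http",
    REPORTED_TOKEN,
    REPORTED_C2,
    "\\Login Data",
]
SAMPLE_LOG = r"""
2024-10-09T13:41:02Z 4120 C:\Users\victim\AppData\Local\Temp\update.exe CONNECT api.ipify.org:443
2024-10-09T13:41:03Z 4120 C:\Users\victim\AppData\Local\Temp\update.exe CONNECT api.telegram.org:443
2024-10-09T13:41:05Z 2210 C:\Program Files\Mozilla Firefox\firefox.exe CONNECT ipinfo.io:443
2024-10-09T13:41:09Z 3388 C:\Windows\System32\svchost.exe CONNECT ctldl.windowsupdate.com:80
""".strip().splitlines()

if __name__ == "__main__":
    print(token_matches_id(REPORTED_TOKEN, REPORTED_ID))
    print(extract_config_iocs(SAMPLE_STRINGS))
    print(flag_stealer_beacons(SAMPLE_LOG))
```

The pairing rule in flag_stealer_beacons is the point: an IP-lookup request on its own is ordinary browser traffic, and so is a Telegram connection, but a non-browser image doing both within one execution matches the behaviour sequence the report records for this sample. Swap in your own proxy or EDR network log format by changing PROXY_RE.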

MITRE ATT&CK Enterprise v15