Extracted

• • Target

    dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cfN

  • Size

    229KB

  • MD5

    54f3c499071167f9889b0e75f9ce7050

  • SHA1

    c5379e57ef22282d0211f5a248c2a65e4f9f5a0c

  • SHA256

    dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cf

  • SHA512

    f66f5338084bebd80f96239e243ef65be072a7e41023c0f2e459e673a64a9dba83a0e38f5b9f02c9737a9f758843821306848ccd0f08b5d1e10c8a72fe93c6d7

  • SSDEEP

    6144:jv2FOjUf9CYGuztMAToAQjgb3hAgwD6EQp2NzTB/+E1JT2HVU/nI+wNwp:qFOwEYGKnQj8bnEQaN1OU/nI+wNwp

  Score

  10^/10

  discoveryxehookcredential_accessstealer

  • Xehook stealer

    Xehook is an infostealer written in C#.

    stealerxehook

  • Loads dropped DLL

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2