General
-
Target
dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cfN
-
Size
229KB
-
Sample
241009-khwhlazbpn
-
MD5
54f3c499071167f9889b0e75f9ce7050
-
SHA1
c5379e57ef22282d0211f5a248c2a65e4f9f5a0c
-
SHA256
dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cf
-
SHA512
f66f5338084bebd80f96239e243ef65be072a7e41023c0f2e459e673a64a9dba83a0e38f5b9f02c9737a9f758843821306848ccd0f08b5d1e10c8a72fe93c6d7
-
SSDEEP
6144:jv2FOjUf9CYGuztMAToAQjgb3hAgwD6EQp2NzTB/+E1JT2HVU/nI+wNwp:qFOwEYGKnQj8bnEQaN1OU/nI+wNwp
Static task
static1
Behavioral task
behavioral1
Sample
dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cfN.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cfN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xehook
2.1.5 Stable
https://t.me/+w897k5UK_jIyNDgy
-
id
374
-
token
xehook374778380619291
Targets
-
-
Target
dce468e184c4d8413bad29aaf43f80fd4afee549e943c38d835fca9ffc7ee4cfN
-
Score
10/10
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-