General

  • Target

    3d70a1184d7194dc0bed6dc4ecc80348.bin

  • Size

    202KB

  • Sample

    241020-blbsxszfrh

  • MD5

    a8e39c4f7444c5e4718f596d70668f05

  • SHA1

    6d6a30d5ffacbca7cac798825e19656d512bb9e6

  • SHA256

    e757188e006c5be4ea45ece8a4dff1b0864158c0345a384d0d533ab807e555fd

  • SHA512

    3fd0a3a9a20a3402f7c2ff6fddea75b9a05327464f0a59de7e4574713718f14667b54f1a7fcb1630559e2239ae2bbb5dced314545e48b97c3214f0214c86f3cd

  • SSDEEP

    6144:wGViZ9yzbSYXMU23/M+Ed7uWR/3dAbmmVuFaJ9:wGVE9ydXMUI/M+s7uWFtAKmVua9

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes
  • id

    364

  • token

    xehook364240207519384

Targets

    • Target

      97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208.exe

    • Size

      229KB

    • MD5

      3d70a1184d7194dc0bed6dc4ecc80348

    • SHA1

      8691090e023f61cecb33803d55f3dd012bf974e2

    • SHA256

      97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208

    • SHA512

      ac0c50e0ef410185ea285297e540328e5d892c43c6066eb2cf805825eac36c405b9dee8d0620774f0abd8f02cee3be68fa5062ecbb50d84efbafb4ece3e6084e

    • SSDEEP

      6144:YKRHGdv+l83h6bwlv9zOShvTzuuC++gY5Pjh7iM8avlt:Lmd5xWwlvYStTLC++gY5Pjh7iM8avl

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in plaintext or otherwise unsecured files on disk.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
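The following Python is an added triage example, not part of the sandbox report and not code from the xehook project. It embeds the hashes and the Telegram C2 link exactly as listed above so that a copy of either artifact can be verified against the report, and it scans proxy log lines for the two network behaviours the report flags (the t.me invite link and an external IP lookup). The report does not name which IP-lookup service the sample used, so the list of lookup hosts is an assumption; the log format and the log lines are constructed for the example. Note that the outer `.bin` in the General section is named after the MD5 of the `.exe` listed under Targets, which is why both are kept in the table.

```python
"""Triage helpers for the xehook report above (added example, not sandbox code)."""
import hashlib
import re
import sys
from typing import List, Optional, Tuple

# Hashes copied verbatim from the report's General and Targets sections.
REPORT_HASHES = {
    "3d70a1184d7194dc0bed6dc4ecc80348.bin": {
        "md5": "a8e39c4f7444c5e4718f596d70668f05",
        "sha1": "6d6a30d5ffacbca7cac798825e19656d512bb9e6",
        "sha256": "e757188e006c5be4ea45ece8a4dff1b0864158c0345a384d0d533ab807e555fd",
    },
    "97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208.exe": {
        "md5": "3d70a1184d7194dc0bed6dc4ecc80348",
        "sha1": "8691090e023f61cecb33803d55f3dd012bf974e2",
        "sha256": "97178f14cedd268cb8f57a8405b50c5715832050502abc75e5a94e6423ad8208",
    },
}

# Extracted C2 from the Malware Config section.
C2_URL = "https://t.me/+w897k5UK_jIyNDgy"

# ASSUMPTION: the report only says "a legitimate IP lookup service"; these are
# common ones and should be tuned to what your proxy actually sees.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com",
    "checkip.amazonaws.com", "ifconfig.me",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> Optional[str]:
    """Return the report artifact whose three hashes all match, else None."""
    got = file_hashes(data)
    for name, want in REPORT_HASHES.items():
        if all(got[k] == v for k, v in want.items()):
            return name
    return None


# Constructed log format: "<timestamp> <client-host> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, tag) for lines hitting the C2 link or an IP-lookup host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m["url"]
        host = re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()
        if url.startswith(C2_URL):
            hits.append((m["ts"], m["client"], "xehook-c2-telegram"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((m["ts"], m["client"], "external-ip-lookup"))
    return hits


# Constructed sample log lines for the example; not from the sandbox run.
SAMPLE_LOG = [
    "2024-10-20T12:00:01Z WS-042 GET https://api.ipify.org/?format=text",
    "2024-10-20T12:00:03Z WS-042 GET https://t.me/+w897k5UK_jIyNDgy",
    "2024-10-20T12:00:05Z WS-017 GET https://www.example.com/",
]


if __name__ == "__main__":
    # Usage: python triage.py [sample-file]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash match:", matches_report(fh.read()))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

The sequence in the constructed log (IP lookup immediately followed by the t.me invite from the same client) is the pattern the two report signatures together describe; on real proxy data, correlate the two tags per client and time window rather than alerting on the IP lookup alone, since the lookup hosts are widely used by legitimate software.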

MITRE ATT&CK Enterprise v15

Tasks