General

  • Target

    Aura (123).rar

  • Size

    373KB

  • Sample

    241028-hhylvazrh1

  • MD5

    07548c2a5847ad0029f1e7562940e00b

  • SHA1

    ecb87973af3fc481595169bd577a08bd22ef2f32

  • SHA256

    73fc5919066a87f1310c3449d02dcce2249cdccede4a51f899cd7d43944d8159

  • SHA512

    fc527e8c3f3a41ecbbd29a7babe9db2e8d065310213d93b1d36561c69c9dc1045983ebe5c4a5bce2cfbe8c95f16658d3e291e46d5bc491ea2ed67599b5803a36

  • SSDEEP

    6144:YmnllS0FJv76N/MbPTfiYC7VNxYxAwJHbcVSlhFu2gpvzdzpBJI52BpiztRbhAFc:YUlFJv7WkbbiYtxAwygebdzXDB0ztRbr

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes
  • id

    204

  • token

    xehook204410372691867

Targets

    • Target

      Aura (123).rar

    • Xehook family

    • Xehook stealer

      Xehook is an infostealer written in C#.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Reads credentials that applications store unprotected in files on disk (ATT&CK T1552.001).

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup service to learn the infected host's external IP address. The lookup itself is benign and common in legitimate software, so treat it as a supporting indicator rather than a detection on its own.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another (typically suspended) thread. Outside debuggers it is most often seen when a loader redirects execution into code it has written into a process, as in process hollowing (ATT&CK T1055.012); the sandbox flags the call, not a confirmed injection technique.
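The behaviours listed above (a dropped EXE executed, an external-IP lookup, contact with the Telegram C2) are individually noisy: t.me is a legitimate service and many benign programs look up their public IP. The following is an added example (not part of the sandbox report) that correlates them per process over a constructed, Sysmon-like event stream and only flags a process showing more than one. The C2 URL is the one from the extracted config; the list of IP-lookup hostnames, the drop-directory pattern and the event records are assumptions for illustration, since the report does not name the lookup service or the extraction path.

```python
# Added example, not part of the sandbox report: correlate the reported
# behaviours per process so that no single benign-looking event fires alone.
import re
from collections import defaultdict
from urllib.parse import urlsplit

C2_URL = "https://t.me/+w897k5UK_jIyNDgy"   # from the extracted config
C2_HOST = urlsplit(C2_URL).hostname         # "t.me"

# Assumed: common public IP-lookup services; the report only says
# "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com",
}

# Assumed: directories a payload extracted from a downloaded archive is
# typically executed from.
DROP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Downloads)\\.*\.exe$",
                         re.IGNORECASE)

# Constructed events for the example (Sysmon-like fields), not from the report.
EVENTS = [
    {"type": "process", "pid": 4100, "parent": 900,
     "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"type": "process", "pid": 4312, "parent": 4100,
     "image": r"C:\Users\bob\AppData\Local\Temp\Rar$EXa4100\Aura.exe"},
    {"type": "dns", "pid": 4312, "host": "api.ipify.org"},
    {"type": "dns", "pid": 4312, "host": "t.me"},
    {"type": "process", "pid": 5000, "parent": 900,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    # A user opening Telegram in a browser: the C2 host alone is weak evidence.
    {"type": "dns", "pid": 5000, "host": "t.me"},
]


def tag_events(events):
    """Return {pid: set(tags)}, one tag per reported behaviour seen for that pid."""
    tags = defaultdict(set)
    for ev in events:
        if ev["type"] == "process" and DROP_DIR_RE.search(ev["image"]):
            tags[ev["pid"]].add("dropped_exe")
        elif ev["type"] == "dns":
            if ev["host"] in IP_LOOKUP_HOSTS:
                tags[ev["pid"]].add("ip_lookup")
            if ev["host"] == C2_HOST:
                tags[ev["pid"]].add("c2_contact")
    return dict(tags)


def suspicious_pids(events, min_tags=2):
    """PIDs showing at least min_tags of the behaviours.

    Requiring two or more keeps a lone Telegram visit or a lone IP lookup
    from firing while the dropped-EXE plus lookup plus C2 chain still does.
    """
    return sorted(pid for pid, t in tag_events(events).items()
                  if len(t) >= min_tags)


if __name__ == "__main__":
    for pid, t in sorted(tag_events(EVENTS).items()):
        print(pid, sorted(t))
    print("suspicious:", suspicious_pids(EVENTS))
```

With the constructed events, only pid 4312 (the EXE run out of the WinRAR temp directory that then resolves both an IP-lookup host and t.me) is flagged; the Firefox process that merely resolves t.me is not. In a real deployment the DNS events would come from Sysmon event ID 22 or a proxy log, and the per-pid correlation should additionally be bounded by a time window.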

MITRE ATT&CK Enterprise v15

Tasks