xehook | 4f66ddef14082dc213e3a5bac8debfef24027b5b5e9b3be5ac85bc13a31adf45 | Triage

Sharing

General

Target

4f66ddef14082dc213e3a5bac8debfef24027b5b5e9b3be5ac85bc13a31adf45.exe
Size

331KB
Sample

250318-d7ywpaxly2
MD5

1c3c3d869eb0804b24ed9bb2fdd8f3f6
SHA1

54a4f56bc708d2c4e72d744fd095bab33f4e7525
SHA256

4f66ddef14082dc213e3a5bac8debfef24027b5b5e9b3be5ac85bc13a31adf45
SHA512

42d1514c34f63c141defe08213f7f8f26b39bc5c27b558f6f54c4f8256bccebb984345629df75817d1194c86ac00f57acbd899a405609f48a880b95fcb85d386
SSDEEP

6144:FqurA7Ow+h8xoQj7F93V0flM5gUICGN4nMd2pRnOb58++Xx1aa5+rsnFSEvfNH:curA7s8V7BlIpGdNI5j+B19vFSGf5

Score

10^/10

xehook credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  4f66ddef14082dc213e3a5bac8debfef24027b5b5e9b3be5ac85bc13a31adf45.exe
- Size
  
  331KB
- MD5
  
  1c3c3d869eb0804b24ed9bb2fdd8f3f6
- SHA1
  
  54a4f56bc708d2c4e72d744fd095bab33f4e7525
- SHA256
  
  4f66ddef14082dc213e3a5bac8debfef24027b5b5e9b3be5ac85bc13a31adf45
- SHA512
  
  42d1514c34f63c141defe08213f7f8f26b39bc5c27b558f6f54c4f8256bccebb984345629df75817d1194c86ac00f57acbd899a405609f48a880b95fcb85d386
- SSDEEP
  
  6144:FqurA7Ow+h8xoQj7F93V0flM5gUICGN4nMd2pRnOb58++Xx1aa5+rsnFSEvfNH:curA7s8V7BlIpGdNI5j+B19vFSGf5
Score

10^/10

xehook credential_access discovery spyware stealer
- Detect Xehook Payload
- Xehook family
  xehook
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xehookcredential_accessdiscoveryspywarestealer

behavioral2

xehookcredential_accessdiscoveryspywarestealer