xehook | 88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14

General

Target

88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14
Size

226KB
Sample

240417-rhryqsbc54
MD5

bbeb5d847c990cd6fc9e91ef4290edf5
SHA1

6b7fb45753c4337b2822bf68459a73bbcdf69cdf
SHA256

88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14
SHA512

852777824b1971be657842dd726b21c70c725d2aba048027efecc1bc92ff57c874ec3e55f971e5b23c7e3f558709a0f6ae18adfea6ed9f11dd5867469f9db0d2
SSDEEP

6144:PTeH3lwf7GqHLZJruaiSCGQGLW4Fg8eUPSnaKj:PTeH3lwfZVJi6gGK4FLPSB

Score

10^/10

Malware Config

Targets

- Target
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e.exe
- Size
  
  328KB
- MD5
  
  2fa8c24b42f6542a290d85a9a3723e2a
- SHA1
  
  d7a518d0d6eae7732a59c6a7c397f0777d111255
- SHA256
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
- SHA512
  
  764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
- SSDEEP
  
  6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp
Score

10^/10

xehook zgrat rat spyware stealer
- Detect Xehook Payload
- Detect ZGRat V1
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Xehook Payload

Detect ZGRat V1

Xehook stealer

ZGRat

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2