xehook | 88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14 | Triage

Submit
Reports

Overview

overview

Static

static

1f64bc9469...4e.exe

windows7-x64

1f64bc9469...4e.exe

windows10-2004-x64

Sharing

General

Target

88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14
Size

226KB
Sample

240417-rhryqsbc54
MD5

bbeb5d847c990cd6fc9e91ef4290edf5
SHA1

6b7fb45753c4337b2822bf68459a73bbcdf69cdf
SHA256

88b4ac3ee1c2688ea9be4ec2f1982f7e093cae975aae9118e0c4a290af68ba14
SHA512

852777824b1971be657842dd726b21c70c725d2aba048027efecc1bc92ff57c874ec3e55f971e5b23c7e3f558709a0f6ae18adfea6ed9f11dd5867469f9db0d2
SSDEEP

6144:PTeH3lwf7GqHLZJruaiSCGQGLW4Fg8eUPSnaKj:PTeH3lwfZVJi6gGK4FLPSB

Score

10^/10

xehook zgrat rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e.exe

Resource

win7-20231129-en

xehook zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e.exe

Resource

win10v2004-20240412-en

xehook zgrat rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e.exe
- Size
  
  328KB
- MD5
  
  2fa8c24b42f6542a290d85a9a3723e2a
- SHA1
  
  d7a518d0d6eae7732a59c6a7c397f0777d111255
- SHA256
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
- SHA512
  
  764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
- SSDEEP
  
  6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp
Score

10^/10

xehook zgrat rat spyware stealer
- Detect Xehook Payload
- Detect ZGRat V1
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xehookzgratratspywarestealer

behavioral2

xehookzgratratspywarestealer

© 2018-2024

Terms | Privacy