xehook | 1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e

Resubmissions

05-05-2024 02:01

240505-cfwftaed23 10

03-03-2024 18:34

240303-w76kmseh68 10

03-03-2024 18:33

240303-w7jqwaeb8v 10

03-03-2024 18:30

240303-w5g49seg83 10

Sharing

Copy URL

Twitter E-mail

General

Target

2fa8c24b42f6542a290d85a9a3723e2a.exe
Size

328KB
Sample

240505-cfwftaed23
MD5

2fa8c24b42f6542a290d85a9a3723e2a
SHA1

d7a518d0d6eae7732a59c6a7c397f0777d111255
SHA256

1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
SHA512

764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
SSDEEP

6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp

Score

10^/10

Malware Config

Targets

- Target
  
  2fa8c24b42f6542a290d85a9a3723e2a.exe
- Size
  
  328KB
- MD5
  
  2fa8c24b42f6542a290d85a9a3723e2a
- SHA1
  
  d7a518d0d6eae7732a59c6a7c397f0777d111255
- SHA256
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
- SHA512
  
  764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
- SSDEEP
  
  6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp
Score

10^/10

xehook zgrat rat spyware stealer
- Detect Xehook Payload
- Detect ZGRat V1
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Detect Xehook Payload

Detect ZGRat V1

Xehook stealer

ZGRat

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2